← Home

@moneydevkit/create

npm Repository Homepage

Interactive CLI for bootstrapping Money Dev Kit credentials.

12
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

martinsaponatelkinsamackillopezefrd-mdknpslaney

Keywords

moneydevkitlightningcli

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
phantom-deps phantom-dep:@moneydevkit/api-contract AI (phantom-deps): Same-org monorepo dep; declared in package.json, phantom detection is a false positive for this package. ai
phantom-deps phantom-dep:@moneydevkit/lightning-js AI (phantom-deps): Same-org monorepo dep; declared in package.json, phantom detection is a false positive for this package. ai
phantom-deps phantom-dep:@orpc/contract AI (phantom-deps): Referenced in config files per finding; stable false positive for this package. ai
phantom-deps phantom-dep:undici AI (phantom-deps): Known implicit runtime dependency pattern; stable false positive for this package. ai

Versions (showing 12 of 12)

Version Deps Published
0.16.0 12 / 12
0.15.0 12 / 12
0.11.0 12 / 12
0.10.0 12 / 12
0.9.0 12 / 12
0.8.0 12 / 12
0.7.0 12 / 12
0.6.0 12 / 12
0.5.0 12 / 12
0.3.2 11 / 11
0.3.1 11 / 11
0.3.0 11 / 11

v0.16.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.15.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.11.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.10.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.8.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.7.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.5.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.