@nx/plugin
This plugin is used to create Nx plugins! It contains generators for generating common plugin features like generators, executors, migrations and more.
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:child-process-import | AI (semgrep): child_process is used in testing-utils for running CLI commands; expected and documented for this build-tool package. | ai | |
| semgrep | semgrep:env-spread | AI (semgrep): env-spread in testing-utils exec wrapper is intentional — passes caller-supplied env overrides to child processes. | ai |
Versions (showing 50 of 50)
| Version | Deps | Published |
|---|---|---|
| 22.7.5 | 5 / 1 | |
| 22.7.4 | 5 / 1 | |
| 22.7.3 | 5 / 1 | |
| 22.7.2 | 5 / 1 | |
| 22.7.1 | 5 / 1 | |
| 22.7.0 | 5 / 1 | |
| 22.6.5 | 5 / 1 | |
| 22.6.4 | 5 / 1 | |
| 22.6.3 | 5 / 1 | |
| 22.6.2 | 5 / 1 | |
| 22.6.1 | 5 / 1 | |
| 22.6.0 | 5 / 1 | |
| 22.5.4 | 5 / 1 | |
| 22.5.3 | 5 / 1 | |
| 22.5.2 | 5 / 1 | |
| 22.5.1 | 5 / 1 | |
| 22.5.0 | 5 / 1 | |
| 22.4.5 | 5 / 1 | |
| 22.4.4 | 5 / 1 | |
| 22.4.3 | 5 / 1 | |
| 22.4.2 | 5 / 1 | |
| 22.4.1 | 5 / 1 | |
| 22.4.0 | 5 / 1 | |
| 22.3.3 | 5 / 1 | |
| 22.3.2 | 5 / 1 | |
| 22.3.1 | 5 / 1 | |
| 22.3.0 | 5 / 1 | |
| 22.2.7 | 5 / 1 | |
| 22.2.6 | 5 / 1 | |
| 22.2.5 | 5 / 1 | |
| 22.2.4 | 5 / 1 | |
| 22.2.3 | 5 / 1 | |
| 22.2.2 | 5 / 1 | |
| 22.2.1 | 5 / 1 | |
| 22.2.0 | 5 / 1 | |
| 22.1.3 | 5 / 1 | |
| 22.1.2 | 5 / 1 | |
| 22.1.1 | 5 / 1 | |
| 22.1.0 | 5 / 1 | |
| 22.0.4 | 5 / 1 | |
| 22.0.3 | 5 / 1 | |
| 22.0.2 | 5 / 1 | |
| 22.0.1 | 5 / 1 | |
| 22.0.0 | 5 / 1 | |
| 21.6.11 | 5 / 1 | |
| 21.6.10 | 5 / 1 | |
| 21.6.9 | 5 / 1 | |
| 21.3.12 | 5 / 0 | |
| 20.8.4 | 5 / 0 | |
| 20.8.3 | 5 / 0 |
v22.7.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.7.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.7.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.7.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.7.0
4 findingsSpreading entire process.env into an object — may capture all secrets 19 | (0, child_process_1.exec)(command, { 20 | cwd: opts.cwd ?? (0, paths_1.tmpProjPath)(), > 21 | env: { ...process.env, ...opts.env }, 22 | windowsHide: true, 23 | }, (err, stdout, stderr) => {
Spreading entire process.env into an object — may capture all secrets 21 | const execSyncOptions = { 22 | cwd, > 23 | env: { ...process.env, ...opts.env }, 24 | windowsHide: true, 25 | };
Spreading entire process.env into an object — may capture all secrets 55 | cwd: opts.cwd ?? (0, paths_1.tmpProjPath)(), 56 | stdio: ['pipe', 'pipe', 'pipe'], > 57 | env: { ...process.env, ...opts?.env }, 58 | windowsHide: true, 59 | }).toString();
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.6.5
4 findingsSpreading entire process.env into an object — may capture all secrets 19 | (0, child_process_1.exec)(command, { 20 | cwd: opts.cwd ?? (0, paths_1.tmpProjPath)(), > 21 | env: { ...process.env, ...opts.env }, 22 | windowsHide: true, 23 | }, (err, stdout, stderr) => {
Spreading entire process.env into an object — may capture all secrets 21 | const execSyncOptions = { 22 | cwd, > 23 | env: { ...process.env, ...opts.env }, 24 | windowsHide: true, 25 | };
Spreading entire process.env into an object — may capture all secrets 55 | cwd: opts.cwd ?? (0, paths_1.tmpProjPath)(), 56 | stdio: ['pipe', 'pipe', 'pipe'], > 57 | env: { ...process.env, ...opts?.env }, 58 | windowsHide: true, 59 | }).toString();
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.6.4
4 findingsSpreading entire process.env into an object — may capture all secrets 19 | (0, child_process_1.exec)(command, { 20 | cwd: opts.cwd ?? (0, paths_1.tmpProjPath)(), > 21 | env: { ...process.env, ...opts.env }, 22 | windowsHide: true, 23 | }, (err, stdout, stderr) => {
Spreading entire process.env into an object — may capture all secrets 21 | const execSyncOptions = { 22 | cwd, > 23 | env: { ...process.env, ...opts.env }, 24 | windowsHide: true, 25 | };
Spreading entire process.env into an object — may capture all secrets 55 | cwd: opts.cwd ?? (0, paths_1.tmpProjPath)(), 56 | stdio: ['pipe', 'pipe', 'pipe'], > 57 | env: { ...process.env, ...opts?.env }, 58 | windowsHide: true, 59 | }).toString();
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.6.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.6.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.6.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.6.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.5.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.5.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.5.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.5.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.5.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.4.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.4.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.4.3
4 findingsSpreading entire process.env into an object — may capture all secrets 19 | (0, child_process_1.exec)(command, { 20 | cwd: opts.cwd ?? (0, paths_1.tmpProjPath)(), > 21 | env: { ...process.env, ...opts.env }, 22 | windowsHide: false, 23 | }, (err, stdout, stderr) => {
Spreading entire process.env into an object — may capture all secrets 21 | const execSyncOptions = { 22 | cwd, > 23 | env: { ...process.env, ...opts.env }, 24 | windowsHide: false, 25 | };
Spreading entire process.env into an object — may capture all secrets 55 | cwd: opts.cwd ?? (0, paths_1.tmpProjPath)(), 56 | stdio: ['pipe', 'pipe', 'pipe'], > 57 | env: { ...process.env, ...opts?.env }, 58 | }).toString(); 59 | }
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.4.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.4.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.4.0
4 findingsSpreading entire process.env into an object — may capture all secrets 19 | (0, child_process_1.exec)(command, { 20 | cwd: opts.cwd ?? (0, paths_1.tmpProjPath)(), > 21 | env: { ...process.env, ...opts.env }, 22 | windowsHide: false, 23 | }, (err, stdout, stderr) => {
Spreading entire process.env into an object — may capture all secrets 21 | const execSyncOptions = { 22 | cwd, > 23 | env: { ...process.env, ...opts.env }, 24 | windowsHide: false, 25 | };
Spreading entire process.env into an object — may capture all secrets 55 | cwd: opts.cwd ?? (0, paths_1.tmpProjPath)(), 56 | stdio: ['pipe', 'pipe', 'pipe'], > 57 | env: { ...process.env, ...opts?.env }, 58 | }).toString(); 59 | }
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.3.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.3.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.3.1
4 findingsSpreading entire process.env into an object — may capture all secrets 19 | (0, child_process_1.exec)(command, { 20 | cwd: opts.cwd ?? (0, paths_1.tmpProjPath)(), > 21 | env: { ...process.env, ...opts.env }, 22 | windowsHide: false, 23 | }, (err, stdout, stderr) => {
Spreading entire process.env into an object — may capture all secrets 21 | const execSyncOptions = { 22 | cwd, > 23 | env: { ...process.env, ...opts.env }, 24 | windowsHide: false, 25 | };
Spreading entire process.env into an object — may capture all secrets 55 | cwd: opts.cwd ?? (0, paths_1.tmpProjPath)(), 56 | stdio: ['pipe', 'pipe', 'pipe'], > 57 | env: { ...process.env, ...opts?.env }, 58 | }).toString(); 59 | }
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.3.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.2.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.2.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.2.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.2.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.2.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.2.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.2.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.2.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.1.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.1.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.1.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.1.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.0.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.0.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.0.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.0.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.0.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v21.6.11
4 findingsSpreading entire process.env into an object — may capture all secrets 19 | (0, child_process_1.exec)(command, { 20 | cwd: opts.cwd ?? (0, paths_1.tmpProjPath)(), > 21 | env: { ...process.env, ...opts.env }, 22 | windowsHide: false, 23 | }, (err, stdout, stderr) => {
Spreading entire process.env into an object — may capture all secrets 21 | const execSyncOptions = { 22 | cwd, > 23 | env: { ...process.env, ...opts.env }, 24 | windowsHide: false, 25 | };
Spreading entire process.env into an object — may capture all secrets 55 | cwd: opts.cwd ?? (0, paths_1.tmpProjPath)(), 56 | stdio: ['pipe', 'pipe', 'pipe'], > 57 | env: { ...process.env, ...opts?.env }, 58 | }).toString(); 59 | }
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v21.6.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v21.6.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v21.3.12
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v20.8.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v20.8.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.