@oiyo/cli SEE LICENSE IN LICENSE 16 versions

@oiyo/cli

npm Repository Homepage

oiyo 是以融合AI协作，提升开发体验，降低心智成本为三大理念的 UniApp 增强型工程框架

16

Versions

SEE LICENSE IN LICENSE

License

No

Install Scripts

Missing

Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

skiyee

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:ansis	AI (phantom-deps): Bundled output; stable false positive for this package.	ai	2026/05/20
phantom-deps	phantom-dep:citty	AI (phantom-deps): Bundled output; stable false positive for this package.	ai	2026/05/20
phantom-deps	phantom-dep:execa	AI (phantom-deps): Bundled output; stable false positive for this package.	ai	2026/05/20
phantom-deps	phantom-dep:pathe	AI (phantom-deps): Bundled output; stable false positive for this package.	ai	2026/05/20
phantom-deps	phantom-dep:consola	AI (phantom-deps): Bundled output; stable false positive for this package.	ai	2026/05/20
phantom-deps	phantom-dep:@oiyo/core	AI (phantom-deps): Same-org sibling package; bundled output pattern.	ai	2026/05/20
phantom-deps	phantom-dep:@oiyo/config	AI (phantom-deps): Same-org sibling package; bundled output pattern.	ai	2026/05/20
phantom-deps	phantom-dep:c12	AI (phantom-deps): Bundled output via tsdown; deps used at build time may not appear as direct imports.	ai	2026/05/20
typosquat	typosquat.levenshtein:joi	AI (typosquat): @oiyo/cli is a scoped org package unrelated to joi; Levenshtein match is coincidental.	ai	2026/05/20
phantom-deps	phantom-dep:@clack/prompts	AI (phantom-deps): Bundled output; stable false positive for this package.	ai	2026/05/20

Versions (showing 16 of 16)

Version	Deps	Published
0.3.7	9 / 0	2026-06-05
0.3.6	9 / 0	2026-05-31
0.3.5	9 / 0	2026-05-25
0.3.4	9 / 0	2026-05-23
0.3.3	9 / 0	2026-05-22
0.3.2	9 / 0	2026-05-22
0.3.1	9 / 0	2026-05-21
0.3.0	9 / 0	2026-05-21
0.2.1	9 / 0	2026-05-05
0.2.0	9 / 0	2026-05-05
0.1.2	9 / 0	2026-04-30
0.1.1	9 / 0	2026-04-30
0.1.0	9 / 0	2026-04-30
0.0.4	9 / 0	2026-04-15
0.0.3	9 / 0	2026-04-11
0.0.1	9 / 0	2026-04-10

v0.3.7

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.6

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.5

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.4

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.2.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.4

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.