@pks-cli/cli MIT 7 versions

@pks-cli/cli

npm Repository Homepage

The next agentic CLI for .NET developers

7

Versions

MIT

License

Yes

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

pksorensen

Keywords

clidotnetagenticdeveloper-toolsaiautomationkubernetesdevcontainer

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
typosquat	typosquat.levenshtein:joi	AI (typosquat): Scoped CLI package for .NET devs; no semantic or brand overlap with joi validation library.	ai	2026/05/18
install-scripts	install-script:postinstall	AI (install-scripts): Postinstall selects platform-specific prebuilt binary from optional deps; standard pattern for cross-platform CLI tools.	ai	2026/05/18
semgrep	semgrep:child-process-import	AI (semgrep): child_process used in CLI bin entry point to spawn the native binary; expected for this package type.	ai	2026/05/18

Versions (showing 7 of 7)

Version	Deps	Published
6.13.0	0 / 0	2026-05-18
6.12.0	0 / 0	2026-05-07
6.11.0	0 / 0	2026-05-04
6.10.0	0 / 0	2026-05-02
6.5.2	0 / 0	2026-03-29
6.5.0	0 / 0	2026-03-29
6.3.0	0 / 0	2026-03-28

v6.13.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.12.0

2 findings

HIGH Package has 'postinstall' script install-scripts

Script: node postinstall.js

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.11.0

2 findings

HIGH Package has 'postinstall' script install-scripts

Script: node postinstall.js

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.10.0

2 findings

HIGH Package has 'postinstall' script install-scripts

Script: node postinstall.js

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.5.2

2 findings

HIGH Package has 'postinstall' script install-scripts

Script: node postinstall.js

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.5.0

2 findings

HIGH Package has 'postinstall' script install-scripts

Script: node postinstall.js

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.3.0

2 findings

HIGH Package has 'postinstall' script install-scripts

Script: node postinstall.js

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.