@pnpm/installing.commands

Commands for installation

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

pnpmuserzkochan

Keywords

pnpmpnpm11

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:get-npm-tarball-url	AI (phantom-deps): Config-file reference in pnpm monorepo; stable pattern.	ai	2026/05/01
phantom-deps	phantom-dep:@pnpm/catalogs.types	AI (phantom-deps): Same-org scoped package; monorepo internal dependency pattern.	ai	2026/05/01
phantom-deps	phantom-dep:version-selector-type	AI (phantom-deps): Config-file reference in pnpm monorepo; stable pattern.	ai	2026/05/01
phantom-deps	phantom-dep:@pnpm/fs.read-modules-dir	AI (phantom-deps): Same-org scoped package; monorepo internal dependency pattern.	ai	2026/05/01
phantom-deps	phantom-dep:@pnpm/pkg-manifest.reader	AI (phantom-deps): Same-org scoped package; monorepo internal dependency pattern.	ai	2026/05/01
phantom-deps	phantom-dep:@pnpm/workspace.root-finder	AI (phantom-deps): Same-org scoped package; monorepo internal dependency pattern.	ai	2026/05/01
phantom-deps	phantom-dep:@pnpm/config.pick-registry-for-package	AI (phantom-deps): Same-org scoped package; monorepo internal dependency pattern.	ai	2026/05/01

Versions (showing 28 of 28)

Version	Deps	Published
1100.7.2	60 / 29	2026-06-05
1100.7.1	60 / 29	2026-06-02
1100.7.0	60 / 29	2026-05-29
1100.6.0	60 / 30	2026-05-27
1100.5.0	60 / 29	2026-05-24
1100.4.2	60 / 29	2026-05-21
1100.4.1	60 / 29	2026-05-20
1100.4.0	60 / 29	2026-05-20
1100.3.0	60 / 29	2026-05-18
1100.2.2	58 / 30	2026-05-14
1100.2.1	58 / 30	2026-05-12
1100.2.0	58 / 30	2026-05-11
1100.1.12	58 / 30	2026-05-09
1100.1.11	58 / 30	2026-05-07
1100.1.10	58 / 30	2026-05-06
1100.1.9	58 / 30	2026-05-05
1100.1.8	58 / 30	2026-05-04
1100.1.7	58 / 30	2026-05-02
1100.1.6	58 / 30	2026-04-30
1100.1.5	58 / 30	2026-04-30
1100.1.4	58 / 30	2026-04-29
1100.1.3	58 / 30	2026-04-28
1100.1.2	59 / 31	2026-04-21
1100.1.1	59 / 31	2026-04-20
1100.1.0	59 / 31	2026-04-17
1100.0.1	59 / 31	2026-04-15
1100.0.0	59 / 31	2026-04-10
1004.6.10	58 / 30	2026-03-19

v1100.7.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1100.7.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1100.7.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1100.6.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1100.5.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1100.4.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1100.4.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1100.4.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1100.3.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1100.2.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1100.2.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1100.2.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1100.1.12

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1100.1.11

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1100.1.10

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1100.1.9

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1100.1.8

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1100.1.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1100.1.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1100.1.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1100.1.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1100.1.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1100.1.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1100.1.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1100.0.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1100.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1004.6.10

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.