@powerlines/engine
An internal package containing the core engine modules for Powerlines.
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:jiti | AI (phantom-deps): Config-file reference pattern; stable false positive for this package. | ai | |
| source-diff | source-size-dropped | AI (source-diff): Size drop reflects dep removal refactor, not stub replacement; consistent with diff showing many deps removed. | ai | |
| source-diff | large-new-source-files | AI (source-diff): Active monorepo with frequent large refactors; SLSA provenance confirms CI/CD build integrity. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): tinypool is a legitimate worker-pool lib replacing piscina; no malicious history. | ai | |
| phantom-deps | phantom-dep:@stryke/http | AI (phantom-deps): Part of the @stryke/* ecosystem used by this package; likely referenced via config/re-export pattern. | ai | |
| phantom-deps | phantom-dep:ua-parser-modern | AI (phantom-deps): Legitimate dep used indirectly via config; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@stryke/json | AI (phantom-deps): Part of the @stryke/* ecosystem used by this package; likely referenced via config/re-export pattern. | ai | |
| phantom-deps | phantom-dep:@stryke/hash | AI (phantom-deps): Part of the @stryke/* ecosystem used by this package; likely referenced via config/re-export pattern. | ai | |
| phantom-deps | phantom-dep:structured-clone-es | AI (phantom-deps): Same bundled build pattern; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:birpc | AI (phantom-deps): Bundled build artifact; phantom-dep heuristic fires on bundled deps not directly imported in source. | ai | |
| phantom-deps | phantom-dep:unplugin | AI (phantom-deps): Build tool dependency referenced in config files; common pattern in monorepo packages and does not indicate supply chain risk. | ai | |
| phantom-deps | phantom-dep:@stryke/async | AI (phantom-deps): Phantom dependency pattern is expected in monorepo build tools; declared but referenced only in config files, not directly imported. | ai | |
| phantom-deps | phantom-dep:@jridgewell/sourcemap-codec | AI (phantom-deps): Declared runtime dep referenced in config files. Standard pattern for this build-tool package. | ai | |
| phantom-deps | phantom-dep:@storm-software/config | AI (phantom-deps): First-party Storm Software dep referenced in config files. Standard pattern for this ecosystem. | ai | |
| phantom-deps | phantom-dep:locate-character | AI (phantom-deps): locate-character is a declared runtime dep referenced in config files. Standard pattern for this build-tool package. | ai | |
| phantom-deps | phantom-dep:oxc-resolver | AI (phantom-deps): oxc-resolver is a declared runtime dep referenced in config files. Standard pattern for this build-tool package. | ai | |
| phantom-deps | phantom-dep:unimport | AI (phantom-deps): unimport is a declared runtime dep used in build config files, not directly imported. Consistent pattern for this build-tool package. | ai | |
| phantom-deps | phantom-dep:@cacheable/memory | AI (phantom-deps): Declared runtime dep referenced in config files. Standard pattern for this build-tool package. | ai | |
| dependencies | unvetted-dep:@powerlines/core | AI (dependencies): Sibling package from the same Storm Software / Powerlines org; consistent with the package's stated purpose. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Minor quality signals (off-topic README content, no keywords) with no security implications for this legitimate Storm Software package. | ai | |
| dependencies | unvetted-dep:handlebars | AI (dependencies): Handlebars is a well-known templating library; ^4.7.9 targets a patched version. No security concern for this package. | ai | |
Versions (showing 51 of 63)
| Version | Deps | Published |
|---|---|---|
| 0.49.34 | 29 / 4 | |
| 0.49.33 | 29 / 4 | |
| 0.49.20 | 29 / 4 | |
| 0.49.19 | 29 / 4 | |
| 0.49.14 | 30 / 4 | |
| 0.49.13 | 30 / 4 | |
| 0.49.5 | 30 / 4 | |
| 0.47.2 | 38 / 8 | |
| 0.47.1 | 38 / 8 | |
| 0.46.6 | 37 / 8 | |
| 0.46.5 | 35 / 8 | |
| 0.46.4 | 35 / 8 | |
| 0.46.3 | 35 / 8 | |
| 0.46.2 | 35 / 8 | |
| 0.46.0 | 35 / 8 | |
| 0.45.3 | 35 / 8 | |
| 0.45.2 | 35 / 8 | |
| 0.45.0 | 35 / 8 | |
| 0.44.12 | 35 / 8 | |
| 0.44.11 | 35 / 8 | |
| 0.44.8 | 35 / 8 | |
| 0.44.7 | 35 / 8 | |
| 0.44.4 | 35 / 8 | |
| 0.44.2 | 35 / 8 | |
| 0.44.1 | 35 / 8 | |
| 0.44.0 | 35 / 8 | |
| 0.43.31 | 35 / 8 | |
| 0.43.30 | 35 / 8 | |
| 0.43.29 | 35 / 8 | |
| 0.43.28 | 34 / 8 | |
| 0.43.27 | 34 / 8 | |
| 0.43.26 | 34 / 8 | |
| 0.43.25 | 34 / 8 | |
| 0.15.20 | 30 / 4 | |
| 0.15.14 | 29 / 4 | |
| 0.15.9 | 29 / 4 | |
| 0.15.1 | 29 / 4 | |
| 0.15.0 | 34 / 8 | |
| 0.14.5 | 34 / 8 | |
| 0.14.4 | 34 / 8 | |
| 0.8.67 | 29 / 4 | |
| 0.0.25 | 34 / 8 | |
| 0.0.24 | 34 / 8 | |
| 0.0.23 | 34 / 8 | |
| 0.0.22 | 34 / 8 | |
| 0.0.21 | 34 / 8 | |
| 0.0.20 | 34 / 8 | |
| 0.0.19 | 34 / 8 | |
| 0.0.18 | 34 / 8 | |
| 0.0.17 | 34 / 8 | |
| 0.0.16 | 34 / 8 | |
v0.49.34
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.49.33
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.49.20
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.49.19
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.49.14
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.49.13
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.49.5
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.47.2
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.47.1
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.46.6
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.46.5
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.46.4
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.46.3
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.46.2
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.46.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.45.3
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.45.2
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.45.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.31
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.30
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.29
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.28
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.27
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.26
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.25
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.15.20
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.15.14
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.15.9
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.15.1
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.15.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.14.5
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.14.4
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.67
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.25
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.24
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.23
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.22
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.21
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.20
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.19
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.18
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.17
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.16
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.