@powerlines/plugin-automd
A Powerlines plugin to maintain a project's markdown files using AutoMD generators.
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | source-size-tripled | AI (source-diff): 50x size increase explained by bundling jiti (2.3MB), untyped, acorn into dist/node_modules. Legitimate architectural change from runtime dep to self-bundled deps. | ai | |
| source-diff | net-exec-file:dist/node_modules/.pnpm/[email protected]/node_modules/lodash.deburr/index.cjs | AI (source-diff): lodash.deburr is a well-known lodash utility; net-exec flag is a false positive from rolldown bundler wrapping pattern. No actual network calls in lodash.deburr. | ai | |
| source-diff | obfuscated-file:dist/node_modules/.pnpm/[email protected]/node_modules/jiti/dist/jiti.cjs | AI (source-diff): jiti's main dist file is minified by design; legitimate package bundled as transitive dep. | ai | |
| source-diff | obfuscated-file:dist/node_modules/.pnpm/[email protected]/node_modules/jiti/dist/babel.mjs | AI (source-diff): ESM variant of jiti babel dist; minified by design. Legitimate package. | ai | |
| source-diff | net-exec-file:dist/node_modules/.pnpm/[email protected]/node_modules/jiti/dist/babel.mjs | AI (source-diff): ESM variant of jiti babel dist; net+exec is inherent to jiti's design as a runtime loader. | ai | |
| source-diff | obfuscated-file:dist/node_modules/.pnpm/[email protected]/node_modules/untyped/dist/loader/babel.mjs | AI (source-diff): ESM variant of untyped babel loader; minified by design. Legitimate package. | ai | |
| source-diff | net-exec-file:dist/node_modules/.pnpm/[email protected]/node_modules/lodash.deburr/index.mjs | AI (source-diff): ESM variant of lodash.deburr; net-exec flag is false positive from rolldown bundler wrapping. | ai | |
| source-diff | obfuscated-file:dist/node_modules/.pnpm/[email protected]/node_modules/jiti/dist/jiti.mjs | AI (source-diff): ESM variant of jiti main dist; minified by design. Legitimate package. | ai | |
| source-diff | large-new-source-files | AI (source-diff): Large file count increase is due to bundling transitive deps (jiti, untyped, acorn, lodash.deburr) into dist/node_modules, replacing removed 'powerlines' runtime dep. Architectural change, not injection. | ai | |
| source-diff | obfuscated-file:dist/node_modules/.pnpm/[email protected]/node_modules/jiti/dist/babel.cjs | AI (source-diff): jiti is a legitimate TypeScript/ESM runtime loader; its dist files are minified by design. Bundled into package dist as a transitive dep replacement for removed 'powerlines' runtime dep. | ai | |
| source-diff | net-exec-file:dist/node_modules/.pnpm/[email protected]/node_modules/jiti/dist/babel.cjs | AI (source-diff): jiti's core purpose is dynamic code loading/execution; net+exec pattern is inherent to its design, not malicious. Legitimate well-known package bundled as transitive dep. | ai | |
| source-diff | obfuscated-file:dist/node_modules/.pnpm/[email protected]/node_modules/untyped/dist/loader/babel.cjs | AI (source-diff): untyped is a legitimate schema generation package from the UnJS ecosystem; minified dist files are expected. Bundled as transitive dep. | ai | |
| phantom-deps | phantom-dep:@stryke/convert | AI (phantom-deps): @stryke/convert is a declared runtime dependency used in config files; phantom-dep false positive for this plugin package pattern. | ai | |
| provenance | publisher-changed | AI (provenance): Transition from stormie-bot to GitHub Actions is a documented CI/CD migration for Storm Software packages; SLSA provenance attestation confirms pipeline integrity. | ai | |
| phantom-deps | phantom-dep:defu | AI (phantom-deps): defu is a declared runtime dependency used in config files; phantom-dep false positive for this plugin package pattern. | ai | |
| phantom-deps | phantom-dep:powerlines | AI (phantom-deps): powerlines is a declared runtime dependency used in config files; phantom-dep false positive for this plugin package pattern. | ai | |
| phantom-deps | phantom-dep:@stryke/path | AI (phantom-deps): @stryke/path is a declared runtime dependency used in config files; phantom-dep false positive for this plugin package pattern. | ai | |
| phantom-deps | phantom-dep:markdown-toc | AI (phantom-deps): markdown-toc is a declared runtime dependency used in config files; phantom-dep false positive for this plugin package pattern. | ai | |
| phantom-deps | phantom-dep:@stryke/types | AI (phantom-deps): @stryke/types is a type-only dependency from Storm Software's own ecosystem; config-file-only references are expected for TypeScript type packages. | ai | |
| phantom-deps | phantom-dep:@stryke/type-checks | AI (phantom-deps): @stryke/type-checks is a type-only dependency from Storm Software's own ecosystem; config-file-only references are expected for TypeScript type packages. | ai |
Versions (showing 51 of 550)
| Version | Deps | Published |
|---|---|---|
| 0.1.588 | 10 / 3 | |
| 0.1.587 | 10 / 3 | |
| 0.1.586 | 10 / 3 | |
| 0.1.585 | 10 / 3 | |
| 0.1.584 | 10 / 3 | |
| 0.1.583 | 10 / 3 | |
| 0.1.582 | 10 / 3 | |
| 0.1.581 | 10 / 3 | |
| 0.1.580 | 10 / 3 | |
| 0.1.579 | 10 / 3 | |
| 0.1.578 | 10 / 3 | |
| 0.1.577 | 10 / 3 | |
| 0.1.576 | 10 / 3 | |
| 0.1.575 | 10 / 3 | |
| 0.1.574 | 10 / 3 | |
| 0.1.573 | 10 / 3 | |
| 0.1.572 | 10 / 3 | |
| 0.1.571 | 10 / 3 | |
| 0.1.570 | 10 / 3 | |
| 0.1.569 | 10 / 3 | |
| 0.1.568 | 10 / 3 | |
| 0.1.567 | 10 / 3 | |
| 0.1.566 | 10 / 3 | |
| 0.1.565 | 10 / 3 | |
| 0.1.564 | 10 / 3 | |
| 0.1.563 | 10 / 3 | |
| 0.1.562 | 10 / 3 | |
| 0.1.561 | 10 / 3 | |
| 0.1.560 | 10 / 3 | |
| 0.1.559 | 10 / 3 | |
| 0.1.558 | 10 / 3 | |
| 0.1.557 | 10 / 3 | |
| 0.1.556 | 10 / 3 | |
| 0.1.555 | 10 / 3 | |
| 0.1.554 | 10 / 3 | |
| 0.1.553 | 10 / 3 | |
| 0.1.552 | 10 / 3 | |
| 0.1.551 | 10 / 3 | |
| 0.1.550 | 10 / 3 | |
| 0.1.549 | 10 / 3 | |
| 0.1.548 | 10 / 3 | |
| 0.1.547 | 10 / 3 | |
| 0.1.546 | 10 / 3 | |
| 0.1.545 | 10 / 3 | |
| 0.1.544 | 10 / 3 | |
| 0.1.542 | 10 / 3 | |
| 0.1.541 | 10 / 3 | |
| 0.1.540 | 10 / 3 | |
| 0.1.539 | 10 / 3 | |
| 0.1.538 | 10 / 3 | |
| 0.1.537 | 10 / 3 |
v0.1.588
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.587
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.586
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.585
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.584
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.583
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.582
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.581
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.580
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.579
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.578
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.577
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.576
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.575
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.574
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.573
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.572
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.571
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.570
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.569
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.568
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.567
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.566
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.565
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.564
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.563
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.562
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.561
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.560
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.559
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.558
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.557
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.556
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.555
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.554
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.553
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.552
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.551
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.550
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.549
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.548
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.547
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.546
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.545
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.544
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.542
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.541
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.540
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.539
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.538
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.537
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.