@powerlines/plugin-automd
A Powerlines plugin to maintain a project's markdown files using AutoMD generators.
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | source-size-tripled | AI (source-diff): 50x size increase explained by bundling jiti (2.3MB), untyped, acorn into dist/node_modules. Legitimate architectural change from runtime dep to self-bundled deps. | ai | |
| source-diff | net-exec-file:dist/node_modules/.pnpm/[email protected]/node_modules/lodash.deburr/index.cjs | AI (source-diff): lodash.deburr is a well-known lodash utility; net-exec flag is a false positive from rolldown bundler wrapping pattern. No actual network calls in lodash.deburr. | ai | |
| source-diff | obfuscated-file:dist/node_modules/.pnpm/[email protected]/node_modules/jiti/dist/jiti.cjs | AI (source-diff): jiti's main dist file is minified by design; legitimate package bundled as transitive dep. | ai | |
| source-diff | obfuscated-file:dist/node_modules/.pnpm/[email protected]/node_modules/jiti/dist/babel.mjs | AI (source-diff): ESM variant of jiti babel dist; minified by design. Legitimate package. | ai | |
| source-diff | net-exec-file:dist/node_modules/.pnpm/[email protected]/node_modules/jiti/dist/babel.mjs | AI (source-diff): ESM variant of jiti babel dist; net+exec is inherent to jiti's design as a runtime loader. | ai | |
| source-diff | obfuscated-file:dist/node_modules/.pnpm/[email protected]/node_modules/untyped/dist/loader/babel.mjs | AI (source-diff): ESM variant of untyped babel loader; minified by design. Legitimate package. | ai | |
| source-diff | net-exec-file:dist/node_modules/.pnpm/[email protected]/node_modules/lodash.deburr/index.mjs | AI (source-diff): ESM variant of lodash.deburr; net-exec flag is false positive from rolldown bundler wrapping. | ai | |
| source-diff | obfuscated-file:dist/node_modules/.pnpm/[email protected]/node_modules/jiti/dist/jiti.mjs | AI (source-diff): ESM variant of jiti main dist; minified by design. Legitimate package. | ai | |
| source-diff | large-new-source-files | AI (source-diff): Large file count increase is due to bundling transitive deps (jiti, untyped, acorn, lodash.deburr) into dist/node_modules, replacing removed 'powerlines' runtime dep. Architectural change, not injection. | ai | |
| source-diff | obfuscated-file:dist/node_modules/.pnpm/[email protected]/node_modules/jiti/dist/babel.cjs | AI (source-diff): jiti is a legitimate TypeScript/ESM runtime loader; its dist files are minified by design. Bundled into package dist as a transitive dep replacement for removed 'powerlines' runtime dep. | ai | |
| source-diff | net-exec-file:dist/node_modules/.pnpm/[email protected]/node_modules/jiti/dist/babel.cjs | AI (source-diff): jiti's core purpose is dynamic code loading/execution; net+exec pattern is inherent to its design, not malicious. Legitimate well-known package bundled as transitive dep. | ai | |
| source-diff | obfuscated-file:dist/node_modules/.pnpm/[email protected]/node_modules/untyped/dist/loader/babel.cjs | AI (source-diff): untyped is a legitimate schema generation package from the UnJS ecosystem; minified dist files are expected. Bundled as transitive dep. | ai | |
| phantom-deps | phantom-dep:@stryke/convert | AI (phantom-deps): @stryke/convert is a declared runtime dependency used in config files; phantom-dep false positive for this plugin package pattern. | ai | |
| provenance | publisher-changed | AI (provenance): Transition from stormie-bot to GitHub Actions is a documented CI/CD migration for Storm Software packages; SLSA provenance attestation confirms pipeline integrity. | ai | |
| phantom-deps | phantom-dep:defu | AI (phantom-deps): defu is a declared runtime dependency used in config files; phantom-dep false positive for this plugin package pattern. | ai | |
| phantom-deps | phantom-dep:powerlines | AI (phantom-deps): powerlines is a declared runtime dependency used in config files; phantom-dep false positive for this plugin package pattern. | ai | |
| phantom-deps | phantom-dep:@stryke/path | AI (phantom-deps): @stryke/path is a declared runtime dependency used in config files; phantom-dep false positive for this plugin package pattern. | ai | |
| phantom-deps | phantom-dep:markdown-toc | AI (phantom-deps): markdown-toc is a declared runtime dependency used in config files; phantom-dep false positive for this plugin package pattern. | ai | |
| phantom-deps | phantom-dep:@stryke/types | AI (phantom-deps): @stryke/types is a type-only dependency from Storm Software's own ecosystem; config-file-only references are expected for TypeScript type packages. | ai | |
| phantom-deps | phantom-dep:@stryke/type-checks | AI (phantom-deps): @stryke/type-checks is a type-only dependency from Storm Software's own ecosystem; config-file-only references are expected for TypeScript type packages. | ai |
Versions (showing 100 of 562)
| Version | Deps | Published |
|---|---|---|
| 0.1.477 | 8 / 3 | |
| 0.1.476 | 8 / 3 | |
| 0.1.475 | 8 / 3 | |
| 0.1.474 | 8 / 3 | |
| 0.1.473 | 8 / 3 | |
| 0.1.472 | 8 / 3 | |
| 0.1.471 | 8 / 3 | |
| 0.1.470 | 8 / 3 | |
| 0.1.469 | 8 / 3 | |
| 0.1.468 | 8 / 3 | |
| 0.1.465 | 8 / 3 | |
| 0.1.464 | 8 / 3 | |
| 0.1.463 | 8 / 3 | |
| 0.1.462 | 8 / 3 | |
| 0.1.461 | 8 / 3 | |
| 0.1.459 | 8 / 3 | |
| 0.1.458 | 8 / 3 | |
| 0.1.457 | 8 / 3 | |
| 0.1.456 | 8 / 3 | |
| 0.1.455 | 8 / 3 | |
| 0.1.454 | 8 / 3 | |
| 0.1.453 | 8 / 3 | |
| 0.1.452 | 8 / 3 | |
| 0.1.451 | 8 / 3 | |
| 0.1.450 | 8 / 3 | |
| 0.1.449 | 8 / 3 | |
| 0.1.448 | 8 / 3 | |
| 0.1.447 | 8 / 3 | |
| 0.1.446 | 8 / 3 | |
| 0.1.445 | 8 / 3 | |
| 0.1.444 | 8 / 3 | |
| 0.1.443 | 8 / 3 | |
| 0.1.442 | 8 / 3 | |
| 0.1.441 | 8 / 3 | |
| 0.1.440 | 8 / 3 | |
| 0.1.439 | 8 / 3 | |
| 0.1.438 | 8 / 3 | |
| 0.1.437 | 8 / 3 | |
| 0.1.436 | 8 / 3 | |
| 0.1.435 | 8 / 3 | |
| 0.1.434 | 8 / 3 | |
| 0.1.432 | 8 / 3 | |
| 0.1.431 | 8 / 3 | |
| 0.1.430 | 8 / 3 | |
| 0.1.429 | 8 / 3 | |
| 0.1.428 | 8 / 3 | |
| 0.1.427 | 8 / 3 | |
| 0.1.426 | 8 / 3 | |
| 0.1.425 | 8 / 3 | |
| 0.1.424 | 8 / 3 | |
| 0.1.423 | 8 / 3 | |
| 0.1.422 | 8 / 3 | |
| 0.1.421 | 8 / 3 | |
| 0.1.420 | 8 / 3 | |
| 0.1.419 | 8 / 3 | |
| 0.1.418 | 8 / 3 | |
| 0.1.417 | 8 / 3 | |
| 0.1.416 | 8 / 3 | |
| 0.1.415 | 8 / 3 | |
| 0.1.414 | 8 / 3 | |
| 0.1.413 | 8 / 3 | |
| 0.1.412 | 8 / 3 | |
| 0.1.411 | 8 / 3 | |
| 0.1.410 | 8 / 3 | |
| 0.1.409 | 8 / 3 | |
| 0.1.408 | 8 / 3 | |
| 0.1.406 | 8 / 3 | |
| 0.1.405 | 8 / 3 | |
| 0.1.404 | 8 / 3 | |
| 0.1.403 | 8 / 3 | |
| 0.1.402 | 8 / 3 | |
| 0.1.401 | 8 / 3 | |
| 0.1.400 | 8 / 3 | |
| 0.1.399 | 8 / 3 | |
| 0.1.398 | 8 / 3 | |
| 0.1.397 | 8 / 3 | |
| 0.1.396 | 8 / 3 | |
| 0.1.395 | 8 / 3 | |
| 0.1.394 | 8 / 3 | |
| 0.1.393 | 8 / 3 | |
| 0.1.392 | 8 / 3 | |
| 0.1.391 | 8 / 3 | |
| 0.1.390 | 8 / 3 | |
| 0.1.389 | 8 / 3 | |
| 0.1.388 | 8 / 3 | |
| 0.1.387 | 8 / 3 | |
| 0.1.386 | 8 / 3 | |
| 0.1.385 | 8 / 3 | |
| 0.1.384 | 8 / 3 | |
| 0.1.383 | 8 / 3 | |
| 0.1.382 | 8 / 3 | |
| 0.1.381 | 8 / 3 | |
| 0.1.380 | 8 / 3 | |
| 0.1.379 | 8 / 3 | |
| 0.1.378 | 8 / 3 | |
| 0.1.377 | 8 / 3 | |
| 0.1.376 | 8 / 3 | |
| 0.1.375 | 8 / 3 | |
| 0.1.374 | 8 / 3 | |
| 0.1.373 | 8 / 3 |
v0.1.477
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.476
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.475
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.474
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.473
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.472
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.471
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.470
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.469
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.468
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.465
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.464
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.463
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.462
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.461
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.459
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.458
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.457
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.456
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.455
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.454
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.453
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.452
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.451
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.450
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.449
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.435
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.434
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.432
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.431
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.430
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.429
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.428
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.427
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.426
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.425
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.424
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.423
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.422
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.421
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.420
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.378
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.376
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.375
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.374
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.373
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.