@powerlines/plugin-automd
A Powerlines plugin to maintain a project's markdown files using AutoMD generators.
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | source-size-tripled | AI (source-diff): 50x size increase explained by bundling jiti (2.3MB), untyped, acorn into dist/node_modules. Legitimate architectural change from runtime dep to self-bundled deps. | ai | |
| source-diff | net-exec-file:dist/node_modules/.pnpm/[email protected]/node_modules/lodash.deburr/index.cjs | AI (source-diff): lodash.deburr is a well-known lodash utility; net-exec flag is a false positive from rolldown bundler wrapping pattern. No actual network calls in lodash.deburr. | ai | |
| source-diff | obfuscated-file:dist/node_modules/.pnpm/[email protected]/node_modules/jiti/dist/jiti.cjs | AI (source-diff): jiti's main dist file is minified by design; legitimate package bundled as transitive dep. | ai | |
| source-diff | obfuscated-file:dist/node_modules/.pnpm/[email protected]/node_modules/jiti/dist/babel.mjs | AI (source-diff): ESM variant of jiti babel dist; minified by design. Legitimate package. | ai | |
| source-diff | net-exec-file:dist/node_modules/.pnpm/[email protected]/node_modules/jiti/dist/babel.mjs | AI (source-diff): ESM variant of jiti babel dist; net+exec is inherent to jiti's design as a runtime loader. | ai | |
| source-diff | obfuscated-file:dist/node_modules/.pnpm/[email protected]/node_modules/untyped/dist/loader/babel.mjs | AI (source-diff): ESM variant of untyped babel loader; minified by design. Legitimate package. | ai | |
| source-diff | net-exec-file:dist/node_modules/.pnpm/[email protected]/node_modules/lodash.deburr/index.mjs | AI (source-diff): ESM variant of lodash.deburr; net-exec flag is false positive from rolldown bundler wrapping. | ai | |
| source-diff | obfuscated-file:dist/node_modules/.pnpm/[email protected]/node_modules/jiti/dist/jiti.mjs | AI (source-diff): ESM variant of jiti main dist; minified by design. Legitimate package. | ai | |
| source-diff | large-new-source-files | AI (source-diff): Large file count increase is due to bundling transitive deps (jiti, untyped, acorn, lodash.deburr) into dist/node_modules, replacing removed 'powerlines' runtime dep. Architectural change, not injection. | ai | |
| source-diff | obfuscated-file:dist/node_modules/.pnpm/[email protected]/node_modules/jiti/dist/babel.cjs | AI (source-diff): jiti is a legitimate TypeScript/ESM runtime loader; its dist files are minified by design. Bundled into package dist as a transitive dep replacement for removed 'powerlines' runtime dep. | ai | |
| source-diff | net-exec-file:dist/node_modules/.pnpm/[email protected]/node_modules/jiti/dist/babel.cjs | AI (source-diff): jiti's core purpose is dynamic code loading/execution; net+exec pattern is inherent to its design, not malicious. Legitimate well-known package bundled as transitive dep. | ai | |
| source-diff | obfuscated-file:dist/node_modules/.pnpm/[email protected]/node_modules/untyped/dist/loader/babel.cjs | AI (source-diff): untyped is a legitimate schema generation package from the UnJS ecosystem; minified dist files are expected. Bundled as transitive dep. | ai | |
| phantom-deps | phantom-dep:@stryke/convert | AI (phantom-deps): @stryke/convert is a declared runtime dependency used in config files; phantom-dep false positive for this plugin package pattern. | ai | |
| provenance | publisher-changed | AI (provenance): Transition from stormie-bot to GitHub Actions is a documented CI/CD migration for Storm Software packages; SLSA provenance attestation confirms pipeline integrity. | ai | |
| phantom-deps | phantom-dep:defu | AI (phantom-deps): defu is a declared runtime dependency used in config files; phantom-dep false positive for this plugin package pattern. | ai | |
| phantom-deps | phantom-dep:powerlines | AI (phantom-deps): powerlines is a declared runtime dependency used in config files; phantom-dep false positive for this plugin package pattern. | ai | |
| phantom-deps | phantom-dep:@stryke/path | AI (phantom-deps): @stryke/path is a declared runtime dependency used in config files; phantom-dep false positive for this plugin package pattern. | ai | |
| phantom-deps | phantom-dep:markdown-toc | AI (phantom-deps): markdown-toc is a declared runtime dependency used in config files; phantom-dep false positive for this plugin package pattern. | ai | |
| phantom-deps | phantom-dep:@stryke/types | AI (phantom-deps): @stryke/types is a type-only dependency from Storm Software's own ecosystem; config-file-only references are expected for TypeScript type packages. | ai | |
| phantom-deps | phantom-dep:@stryke/type-checks | AI (phantom-deps): @stryke/type-checks is a type-only dependency from Storm Software's own ecosystem; config-file-only references are expected for TypeScript type packages. | ai |
Versions (showing 100 of 562)
| Version | Deps | Published |
|---|---|---|
| 0.1.152 | 9 / 3 | |
| 0.1.151 | 9 / 3 | |
| 0.1.150 | 9 / 3 | |
| 0.1.149 | 9 / 3 | |
| 0.1.148 | 9 / 3 | |
| 0.1.147 | 9 / 3 | |
| 0.1.146 | 9 / 3 | |
| 0.1.145 | 9 / 3 | |
| 0.1.144 | 9 / 3 | |
| 0.1.143 | 9 / 3 | |
| 0.1.142 | 9 / 3 | |
| 0.1.141 | 9 / 3 | |
| 0.1.140 | 9 / 3 | |
| 0.1.139 | 9 / 3 | |
| 0.1.138 | 9 / 3 | |
| 0.1.137 | 9 / 3 | |
| 0.1.136 | 9 / 3 | |
| 0.1.135 | 9 / 3 | |
| 0.1.134 | 9 / 3 | |
| 0.1.133 | 9 / 3 | |
| 0.1.132 | 9 / 3 | |
| 0.1.131 | 9 / 3 | |
| 0.1.130 | 9 / 3 | |
| 0.1.129 | 9 / 3 | |
| 0.1.128 | 9 / 4 | |
| 0.1.127 | 9 / 4 | |
| 0.1.126 | 9 / 4 | |
| 0.1.125 | 9 / 4 | |
| 0.1.124 | 9 / 4 | |
| 0.1.123 | 9 / 4 | |
| 0.1.122 | 9 / 4 | |
| 0.1.121 | 9 / 4 | |
| 0.1.120 | 9 / 4 | |
| 0.1.119 | 9 / 4 | |
| 0.1.118 | 9 / 4 | |
| 0.1.117 | 9 / 4 | |
| 0.1.116 | 9 / 4 | |
| 0.1.115 | 9 / 4 | |
| 0.1.114 | 9 / 4 | |
| 0.1.113 | 9 / 4 | |
| 0.1.112 | 9 / 4 | |
| 0.1.111 | 9 / 4 | |
| 0.1.110 | 9 / 4 | |
| 0.1.109 | 9 / 4 | |
| 0.1.108 | 9 / 4 | |
| 0.1.107 | 9 / 4 | |
| 0.1.106 | 9 / 4 | |
| 0.1.105 | 9 / 4 | |
| 0.1.104 | 9 / 4 | |
| 0.1.103 | 9 / 4 | |
| 0.1.102 | 9 / 4 | |
| 0.1.101 | 9 / 4 | |
| 0.1.100 | 9 / 4 | |
| 0.1.99 | 9 / 4 | |
| 0.1.98 | 9 / 4 | |
| 0.1.97 | 9 / 4 | |
| 0.1.96 | 9 / 4 | |
| 0.1.95 | 9 / 4 | |
| 0.1.94 | 9 / 4 | |
| 0.1.93 | 9 / 4 | |
| 0.1.92 | 9 / 4 | |
| 0.1.91 | 9 / 4 | |
| 0.1.90 | 9 / 4 | |
| 0.1.89 | 9 / 4 | |
| 0.1.88 | 9 / 4 | |
| 0.1.87 | 9 / 4 | |
| 0.1.86 | 9 / 4 | |
| 0.1.85 | 9 / 4 | |
| 0.1.84 | 9 / 4 | |
| 0.1.83 | 9 / 4 | |
| 0.1.82 | 9 / 4 | |
| 0.1.81 | 9 / 4 | |
| 0.1.80 | 9 / 4 | |
| 0.1.79 | 9 / 4 | |
| 0.1.78 | 9 / 4 | |
| 0.1.77 | 9 / 4 | |
| 0.1.76 | 9 / 4 | |
| 0.1.75 | 9 / 4 | |
| 0.1.74 | 9 / 4 | |
| 0.1.73 | 9 / 4 | |
| 0.1.72 | 9 / 4 | |
| 0.1.71 | 9 / 4 | |
| 0.1.70 | 9 / 4 | |
| 0.1.69 | 9 / 4 | |
| 0.1.68 | 9 / 4 | |
| 0.1.67 | 9 / 4 | |
| 0.1.66 | 9 / 4 | |
| 0.1.65 | 9 / 4 | |
| 0.1.64 | 9 / 4 | |
| 0.1.63 | 9 / 4 | |
| 0.1.62 | 9 / 4 | |
| 0.1.61 | 9 / 4 | |
| 0.1.60 | 9 / 4 | |
| 0.1.59 | 9 / 4 | |
| 0.1.58 | 9 / 4 | |
| 0.1.57 | 9 / 4 | |
| 0.1.56 | 9 / 4 | |
| 0.1.55 | 9 / 4 | |
| 0.1.54 | 9 / 4 | |
| 0.1.53 | 9 / 4 |
v0.1.151
11 findingsThis version was published by a different npm account than previous versions on 2026-01-14. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.149
11 findingsThis version was published by a different npm account than previous versions on 2026-01-14. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.147
11 findingsThis version was published by a different npm account than previous versions on 2026-01-14. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.145
11 findingsThis version was published by a different npm account than previous versions on 2026-01-14. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.143
11 findingsThis version was published by a different npm account than previous versions on 2026-01-11. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.141
11 findingsThis version was published by a different npm account than previous versions on 2026-01-08. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.128
2 findingsThis version was published by a different npm account than previous versions on 2026-01-06. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.127
2 findingsThis version was published by a different npm account than previous versions on 2026-01-06. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.126
2 findingsThis version was published by a different npm account than previous versions on 2026-01-06. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.125
2 findingsThis version was published by a different npm account than previous versions on 2026-01-02. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.124
2 findingsThis version was published by a different npm account than previous versions on 2026-01-02. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.123
2 findingsThis version was published by a different npm account than previous versions on 2025-12-31. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.122
2 findingsThis version was published by a different npm account than previous versions on 2025-12-31. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.121
2 findingsThis version was published by a different npm account than previous versions on 2025-12-31. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.120
2 findingsThis version was published by a different npm account than previous versions on 2025-12-31. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.119
2 findingsThis version was published by a different npm account than previous versions on 2025-12-31. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.118
2 findingsThis version was published by a different npm account than previous versions on 2025-12-30. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.117
2 findingsThis version was published by a different npm account than previous versions on 2025-12-30. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.115
2 findingsThis version was published by a different npm account than previous versions on 2025-12-30. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.114
2 findingsThis version was published by a different npm account than previous versions on 2025-12-30. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.113
2 findingsThis version was published by a different npm account than previous versions on 2025-12-30. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.112
2 findingsThis version was published by a different npm account than previous versions on 2025-12-30. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.111
2 findingsThis version was published by a different npm account than previous versions on 2025-12-30. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.110
2 findingsThis version was published by a different npm account than previous versions on 2025-12-30. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.109
2 findingsThis version was published by a different npm account than previous versions on 2025-12-29. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.108
2 findingsThis version was published by a different npm account than previous versions on 2025-12-29. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.107
2 findingsThis version was published by a different npm account than previous versions on 2025-12-29. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.106
2 findingsThis version was published by a different npm account than previous versions on 2025-12-28. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.105
2 findingsThis version was published by a different npm account than previous versions on 2025-12-28. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.104
2 findingsThis version was published by a different npm account than previous versions on 2025-12-28. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.103
2 findingsThis version was published by a different npm account than previous versions on 2025-12-28. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.102
2 findingsThis version was published by a different npm account than previous versions on 2025-12-28. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.101
2 findingsThis version was published by a different npm account than previous versions on 2025-12-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.100
2 findingsThis version was published by a different npm account than previous versions on 2025-12-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.99
2 findingsThis version was published by a different npm account than previous versions on 2025-12-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.98
2 findingsThis version was published by a different npm account than previous versions on 2025-12-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.97
2 findingsThis version was published by a different npm account than previous versions on 2025-12-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.96
2 findingsThis version was published by a different npm account than previous versions on 2025-12-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.94
2 findingsThis version was published by a different npm account than previous versions on 2025-12-22. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.93
2 findingsThis version was published by a different npm account than previous versions on 2025-12-22. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.92
2 findingsThis version was published by a different npm account than previous versions on 2025-12-22. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.91
2 findingsThis version was published by a different npm account than previous versions on 2025-12-22. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.90
2 findingsThis version was published by a different npm account than previous versions on 2025-12-22. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.89
2 findingsThis version was published by a different npm account than previous versions on 2025-12-22. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.88
2 findingsThis version was published by a different npm account than previous versions on 2025-12-22. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.87
2 findingsThis version was published by a different npm account than previous versions on 2025-12-22. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.86
2 findingsThis version was published by a different npm account than previous versions on 2025-12-22. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.85
2 findingsThis version was published by a different npm account than previous versions on 2025-12-22. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.84
2 findingsThis version was published by a different npm account than previous versions on 2025-12-21. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.83
2 findingsThis version was published by a different npm account than previous versions on 2025-12-20. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.81
2 findingsThis version was published by a different npm account than previous versions on 2025-12-19. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.80
2 findingsThis version was published by a different npm account than previous versions on 2025-12-19. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.79
2 findingsThis version was published by a different npm account than previous versions on 2025-12-19. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.78
2 findingsThis version was published by a different npm account than previous versions on 2025-12-19. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.72
2 findingsThis version was published by a different npm account than previous versions on 2025-12-18. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.71
2 findingsThis version was published by a different npm account than previous versions on 2025-12-17. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.70
2 findingsThis version was published by a different npm account than previous versions on 2025-12-17. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.69
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.68
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.67
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.66
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.65
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.64
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.63
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.62
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.61
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.60
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.59
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.58
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.57
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.56
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.55
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.54
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.53
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.