@powerlines/plugin-biome
A package containing a Powerlines plugin for running Biome linting on the codebase.
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/index.mjs | AI (source-diff): dist/index.mjs is standard bundler (tsup) minified output — fully readable logic, no malicious patterns. False positive for this package's build pipeline. | ai | |
| source-diff | obfuscated-file:dist/index.cjs | AI (source-diff): dist/index.cjs is standard tsup-minified output for this plugin package; code is fully readable and benign. Not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/index.js | AI (source-diff): dist/index.js is standard tsup-minified output for this plugin package; code is fully readable and benign. Not obfuscation. | ai | |
| provenance | publisher-changed | AI (provenance): Publisher changed from stormie-bot to GitHub Actions, consistent with org migration to automated CI/CD. SLSA provenance attestation confirms controlled publish pipeline for Storm Software. | ai | |
| phantom-deps | phantom-dep:@stryke/path | AI (phantom-deps): @stryke/path is a legitimate dependency used by the plugin; declared in package.json. | ai | |
| phantom-deps | phantom-dep:@stryke/convert | AI (phantom-deps): @stryke/convert is a legitimate dependency used by the plugin; declared in package.json. | ai | |
| phantom-deps | phantom-dep:defu | AI (phantom-deps): defu is a legitimate dependency used in the plugin's runtime; declared and properly managed. | ai | |
| phantom-deps | phantom-dep:@storm-software/config-tools | AI (phantom-deps): @storm-software/config-tools is a legitimate dependency used by the plugin; declared in package.json. | ai | |
| phantom-deps | phantom-dep:@stryke/fs | AI (phantom-deps): @stryke/fs is a legitimate dependency used by the plugin; declared in package.json. | ai | |
| phantom-deps | phantom-dep:powerlines | AI (phantom-deps): powerlines is the core framework this plugin extends; legitimate dependency. | ai | |
| phantom-deps | phantom-dep:@stryke/cli | AI (phantom-deps): @stryke/cli is a legitimate dependency used by the plugin; declared in package.json. | ai |
Versions (showing 36 of 448)
| Version | Deps | Published |
|---|---|---|
| 0.2.37 | 7 / 4 | |
| 0.2.36 | 7 / 4 | |
| 0.2.35 | 7 / 4 | |
| 0.2.34 | 7 / 4 | |
| 0.2.33 | 7 / 4 | |
| 0.2.32 | 7 / 4 | |
| 0.2.31 | 7 / 4 | |
| 0.2.29 | 7 / 4 | |
| 0.2.28 | 7 / 4 | |
| 0.2.27 | 7 / 4 | |
| 0.2.26 | 7 / 4 | |
| 0.2.25 | 7 / 4 | |
| 0.2.24 | 7 / 4 | |
| 0.2.21 | 7 / 4 | |
| 0.2.20 | 7 / 4 | |
| 0.2.19 | 7 / 4 | |
| 0.2.18 | 7 / 4 | |
| 0.2.17 | 7 / 4 | |
| 0.2.16 | 7 / 4 | |
| 0.2.15 | 7 / 4 | |
| 0.2.14 | 7 / 4 | |
| 0.2.13 | 7 / 4 | |
| 0.2.12 | 7 / 4 | |
| 0.2.11 | 7 / 4 | |
| 0.2.10 | 7 / 4 | |
| 0.2.9 | 7 / 4 | |
| 0.2.8 | 7 / 4 | |
| 0.2.7 | 7 / 4 | |
| 0.2.6 | 7 / 4 | |
| 0.2.5 | 7 / 4 | |
| 0.2.4 | 7 / 4 | |
| 0.2.3 | 7 / 4 | |
| 0.2.2 | 7 / 4 | |
| 0.2.1 | 7 / 4 | |
| 0.2.0 | 7 / 4 | |
| 0.1.0 | 7 / 4 |
v0.2.35
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.33
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.31
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.29
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.28
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.26
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.24
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.19
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.16
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.14
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.