← Home

@powerlines/plugin-esbuild

npm Repository Homepage

A package containing a Powerlines plugin to build projects using esbuild.

100
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

stormie-botsullivanpj

Keywords

esbuildpowerlinesstorm-softwarepowerlines-plugin

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff obfuscated-file:dist/powerlines/src/lib/contexts/api-context.mjs AI (source-diff): Rolldown-bundled output; minified but readable, no obfuscation or exfiltration patterns. ai
source-diff obfuscated-file:dist/powerlines/src/lib/contexts/api-context.cjs AI (source-diff): Rolldown-bundled output; minified but readable, no obfuscation or exfiltration patterns. ai
source-diff obfuscated-file:dist/unplugin-BPYypLp5.mjs AI (source-diff): Standard bundler-generated minified ESM chunk; content shows normal imports, no malicious patterns. ai
source-diff obfuscated-file:dist/unplugin-B6foST-E.cjs AI (source-diff): Standard bundler-generated minified chunk; content shows normal imports, no malicious patterns. ai
dependencies unvetted-dep:@powerlines/unplugin AI (dependencies): First-party @powerlines org dep from same Storm Software monorepo; consistent naming and publisher. ai
provenance publisher-changed AI (provenance): Transition from stormie-bot to GitHub Actions is a legitimate CI/CD migration, corroborated by SLSA provenance attestation on this and subsequent versions. ai
source-diff obfuscated-file:dist/powerlines/src/lib/contexts/context.cjs AI (source-diff): Bundler output; code is readable plugin/context lifecycle logic using known packages. No malicious indicators. ai
source-diff obfuscated-file:dist/powerlines/src/api.cjs AI (source-diff): Bundler (rolldown) output — long lines are minified CJS modules with readable require() calls and no malicious patterns. Consistent with Storm Software's build toolchain. ai
source-diff obfuscated-file:dist/powerlines/src/lib/contexts/environment-context.cjs AI (source-diff): Bundler output; implements plugin environment context with standard patterns. No malicious indicators. ai
source-diff obfuscated-file:dist/powerlines/schemas/fs.cjs AI (source-diff): Bundler output; implements Cap'n Proto schema structs using @stryke/capnp. No malicious indicators. ai
source-diff obfuscated-file:dist/powerlines/src/internal/helpers/resolve-tsconfig.cjs AI (source-diff): Bundler output; implements TypeScript config resolution logic. No malicious indicators. ai
source-diff obfuscated-file:dist/powerlines/src/lib/fs/vfs.cjs AI (source-diff): Bundler output; implements virtual filesystem abstraction. No malicious indicators. ai
phantom-deps phantom-dep:@stryke/path AI (phantom-deps): @stryke/path is a utility dependency used transitively; phantom-dep pattern acceptable for utility libraries. ai
phantom-deps phantom-dep:@stryke/type-checks AI (phantom-deps): @stryke/type-checks is a utility dependency used transitively; phantom-dep pattern acceptable for utility libraries. ai
phantom-deps phantom-dep:powerlines AI (phantom-deps): powerlines is the core framework this plugin extends; phantom-dep pattern expected for plugin architecture. ai
phantom-deps phantom-dep:defu AI (phantom-deps): defu is a legitimate dependency used in config merging; phantom-dep pattern is expected for plugin/config tools. ai
phantom-deps phantom-dep:jiti AI (phantom-deps): jiti is declared as a runtime dependency and used in config files; phantom-dep flag is a false positive for this package's usage pattern. ai
phantom-deps phantom-dep:@stryke/fs AI (phantom-deps): @stryke/fs is a sibling Storm Software package declared as a dependency; phantom-dep flag reflects indirect/config usage, not a security concern. ai
provenance slsa-provenance AI (provenance): Package consistently published via CI/CD with Sigstore SLSA provenance attestation — strong supply chain integrity signal for this package. ai

Versions (showing 100 of 442)

Version Deps Published
0.13.471 10 / 2
0.13.470 10 / 2
0.13.469 10 / 2
0.13.468 10 / 2
0.13.467 10 / 2
0.13.466 10 / 2
0.13.465 10 / 2
0.13.464 10 / 2
0.13.463 10 / 2
0.13.460 9 / 2
0.13.459 9 / 2
0.13.458 9 / 2
0.13.456 9 / 2
0.13.455 9 / 2
0.13.454 9 / 2
0.13.453 9 / 2
0.13.452 9 / 2
0.13.451 9 / 2
0.13.450 9 / 2
0.13.449 9 / 2
0.13.448 9 / 2
0.13.447 9 / 2
0.13.446 9 / 2
0.13.445 9 / 2
0.13.444 8 / 2
0.13.443 8 / 2
0.13.442 8 / 2
0.13.441 8 / 2
0.13.440 8 / 2
0.13.439 8 / 2
0.13.438 8 / 2
0.13.437 8 / 2
0.13.436 8 / 2
0.13.435 8 / 2
0.13.434 8 / 2
0.13.433 8 / 2
0.13.432 8 / 2
0.13.431 8 / 2
0.13.430 8 / 2
0.13.429 8 / 2
0.13.428 8 / 2
0.13.427 8 / 2
0.13.426 8 / 2
0.13.425 8 / 2
0.13.424 8 / 2
0.13.423 8 / 2
0.13.422 8 / 2
0.13.421 8 / 2
0.13.420 8 / 2
0.13.419 8 / 2
0.13.418 8 / 2
0.13.417 8 / 2
0.13.416 8 / 2
0.13.415 8 / 2
0.13.414 8 / 2
0.13.413 8 / 2
0.13.412 8 / 2
0.13.411 8 / 2
0.13.410 8 / 2
0.13.409 8 / 2
0.13.408 8 / 2
0.13.407 8 / 2
0.13.406 8 / 2
0.13.405 8 / 2
0.13.404 8 / 2
0.13.403 8 / 2
0.13.402 8 / 2
0.13.401 8 / 2
0.13.400 8 / 2
0.13.399 8 / 2
0.13.398 8 / 2
0.13.397 8 / 2
0.13.396 8 / 2
0.13.395 8 / 2
0.13.394 8 / 2
0.13.393 8 / 2
0.13.392 8 / 2
0.13.391 8 / 2
0.13.390 8 / 2
0.13.389 8 / 2
0.13.388 8 / 2
0.13.387 8 / 2
0.13.386 8 / 2
0.13.385 8 / 2
0.13.384 8 / 2
0.13.383 8 / 2
0.13.382 8 / 2
0.13.381 8 / 2
0.13.380 8 / 2
0.13.379 8 / 2
0.13.378 8 / 2
0.13.377 8 / 2
0.13.376 8 / 2
0.13.375 8 / 2
0.13.374 8 / 2
0.13.373 8 / 2
0.13.372 8 / 2
0.13.371 8 / 2
0.13.370 8 / 2
0.13.369 8 / 2
Showing 100 of 442 Next page →

v0.13.471

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.470

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.469

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.468

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.467

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.466

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.465

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.464

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.463

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.460

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.459

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.458

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.456

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.455

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.454

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.453

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.452

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.451

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.450

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.449

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.448

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.447

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.446

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.421

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.420

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.419

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.418

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.417

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.416

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.415

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.414

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.413

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.412

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.411

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.410

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.409

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.408

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.407

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.406

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.405

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.404

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.403

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.402

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.401

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.400

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.399

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.398

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.397

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.396

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.395

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.394

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.393

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.392

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.391

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.390

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.389

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.388

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.387

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.386

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.385

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.384

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.383

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.382

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.381

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.380

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.379

2 findings
HIGH Publisher changed: stormie-bot → GitHub Actions (on 2026-03-23) provenance

This version was published by a different npm account than previous versions on 2026-03-23. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.378

2 findings
HIGH Publisher changed: stormie-bot → GitHub Actions (on 2026-03-23) provenance

This version was published by a different npm account than previous versions on 2026-03-23. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.377

2 findings
HIGH Publisher changed: stormie-bot → GitHub Actions (on 2026-03-23) provenance

This version was published by a different npm account than previous versions on 2026-03-23. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.376

2 findings
HIGH Publisher changed: stormie-bot → GitHub Actions (on 2026-03-23) provenance

This version was published by a different npm account than previous versions on 2026-03-23. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.375

2 findings
HIGH Publisher changed: stormie-bot → GitHub Actions (on 2026-03-22) provenance

This version was published by a different npm account than previous versions on 2026-03-22. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.374

2 findings
HIGH Publisher changed: stormie-bot → GitHub Actions (on 2026-03-22) provenance

This version was published by a different npm account than previous versions on 2026-03-22. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.373

2 findings
HIGH Publisher changed: stormie-bot → GitHub Actions (on 2026-03-22) provenance

This version was published by a different npm account than previous versions on 2026-03-22. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.372

2 findings
HIGH Publisher changed: stormie-bot → GitHub Actions (on 2026-03-22) provenance

This version was published by a different npm account than previous versions on 2026-03-22. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.371

2 findings
HIGH Publisher changed: stormie-bot → GitHub Actions (on 2026-03-21) provenance

This version was published by a different npm account than previous versions on 2026-03-21. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.370

2 findings
HIGH Publisher changed: stormie-bot → GitHub Actions (on 2026-03-19) provenance

This version was published by a different npm account than previous versions on 2026-03-19. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.369

2 findings
HIGH Publisher changed: stormie-bot → GitHub Actions (on 2026-03-19) provenance

This version was published by a different npm account than previous versions on 2026-03-19. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.