@powerlines/plugin-nitro
A package containing a Powerlines plugin for creating a server application that runs on Nitro.
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): stormie-bot is the established bot publisher for storm-software org with 2775 approved packages; transition from GH Actions is expected. | ai | |
| source-diff | source-size-dropped | AI (source-diff): Build artifact variance; no code replacement detected in prior versions. | ai | |
| phantom-deps | phantom-dep:nitro | AI (phantom-deps): Config-file reference; stable pattern for this plugin package. | ai | |
| dependencies | unvetted-dep:nitro | AI (dependencies): nitro is a legitimate server framework by the UnJS/Nuxt team. The alpha version pin is a stability concern, not a security risk. This package is explicitly a Nitro plugin, so the dependency is expected and intentional. | ai | |
| phantom-deps | phantom-dep:powerlines | AI (phantom-deps): powerlines is the host framework this plugin targets; declared as peer/config dep rather than directly imported. Expected pattern. | ai | |
| phantom-deps | phantom-dep:defu | AI (phantom-deps): Plugin/tooling package pattern — deps declared for consumer use or config files, not direct imports. Stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@stryke/path | AI (phantom-deps): Part of Storm Software's @stryke utility ecosystem; used in config/build context rather than direct imports. Stable false positive. | ai | |
| phantom-deps | phantom-dep:@stryke/fs | AI (phantom-deps): Declared dep used via config files in a plugin/tooling package; indirect usage pattern is expected for this ecosystem. | ai | |
| phantom-deps | phantom-dep:@storm-software/config-tools | AI (phantom-deps): Declared dep used via config files in a plugin/tooling package; indirect usage pattern is expected for this ecosystem. | ai | |
| phantom-deps | phantom-dep:@stryke/convert | AI (phantom-deps): Declared dep used via config files in a plugin/tooling package; indirect usage pattern is expected for this ecosystem. | ai | |
| phantom-deps | phantom-dep:@stryke/cli | AI (phantom-deps): Declared dep used via config files in a plugin/tooling package; indirect usage pattern is expected for this ecosystem. | ai |
Versions (showing 51 of 136)
| Version | Deps | Published |
|---|---|---|
| 0.1.410 | 8 / 2 | |
| 0.1.401 | 8 / 2 | |
| 0.1.400 | 8 / 2 | |
| 0.1.398 | 8 / 2 | |
| 0.1.397 | 8 / 2 | |
| 0.1.396 | 8 / 2 | |
| 0.1.395 | 8 / 2 | |
| 0.1.394 | 8 / 2 | |
| 0.1.393 | 8 / 2 | |
| 0.1.392 | 8 / 2 | |
| 0.1.391 | 8 / 2 | |
| 0.1.389 | 8 / 2 | |
| 0.1.388 | 8 / 2 | |
| 0.1.387 | 8 / 2 | |
| 0.1.385 | 8 / 2 | |
| 0.1.384 | 8 / 2 | |
| 0.1.383 | 8 / 2 | |
| 0.1.382 | 8 / 2 | |
| 0.1.381 | 8 / 2 | |
| 0.1.380 | 8 / 2 | |
| 0.1.379 | 8 / 2 | |
| 0.1.378 | 8 / 2 | |
| 0.1.376 | 8 / 2 | |
| 0.1.375 | 8 / 2 | |
| 0.1.374 | 8 / 2 | |
| 0.1.373 | 8 / 2 | |
| 0.1.369 | 8 / 2 | |
| 0.1.368 | 8 / 2 | |
| 0.1.367 | 8 / 2 | |
| 0.1.366 | 8 / 2 | |
| 0.1.365 | 8 / 2 | |
| 0.1.364 | 8 / 2 | |
| 0.1.363 | 8 / 2 | |
| 0.1.362 | 8 / 2 | |
| 0.1.361 | 8 / 2 | |
| 0.1.360 | 8 / 2 | |
| 0.1.357 | 8 / 2 | |
| 0.1.355 | 8 / 2 | |
| 0.1.353 | 8 / 2 | |
| 0.1.351 | 8 / 2 | |
| 0.1.350 | 8 / 2 | |
| 0.1.349 | 8 / 2 | |
| 0.1.348 | 8 / 2 | |
| 0.1.347 | 8 / 2 | |
| 0.1.346 | 8 / 2 | |
| 0.1.345 | 8 / 2 | |
| 0.1.344 | 8 / 2 | |
| 0.1.343 | 8 / 2 | |
| 0.1.342 | 8 / 2 | |
| 0.1.341 | 8 / 2 | |
| 0.1.340 | 8 / 2 |
v0.1.410
2 findingsThis version was published by a different npm account than previous versions on 2026-05-21. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.401
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.400
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.398
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.397
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.396
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.395
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.394
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.393
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.392
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.391
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.389
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.388
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.387
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.385
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.384
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.383
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.382
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.381
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.380
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.379
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.378
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.376
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.375
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.374
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.373
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.369
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.368
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.367
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.366
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.365
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.364
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.363
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.362
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.361
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.360
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.357
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.355
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.353
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.351
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.350
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.349
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.348
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.347
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.346
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.345
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.344
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.343
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.342
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.341
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.