@powerlines/plugin-openapi
A Powerlines plugin to generate project code from OpenAPI specifications.
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Transition from stormie-bot to GitHub Actions is a legitimate CI/CD modernization, confirmed by SLSA provenance attestation. Generalizes to future versions for this package. | ai | |
| phantom-deps | phantom-dep:@stryke/type-checks | AI (phantom-deps): Declared dependency used indirectly; common pattern in plugin/config-driven architectures. | ai | |
| phantom-deps | phantom-dep:powerlines | AI (phantom-deps): Declared dependency used indirectly; common pattern in plugin/config-driven architectures. | ai | |
| phantom-deps | phantom-dep:@stryke/path | AI (phantom-deps): Declared dependency used indirectly; common pattern in plugin/config-driven architectures. | ai | |
| phantom-deps | phantom-dep:@stryke/types | AI (phantom-deps): Declared dependency used indirectly; common pattern in plugin/config-driven architectures. | ai | |
| phantom-deps | phantom-dep:openapi-typescript | AI (phantom-deps): Declared dependency used indirectly; common pattern in plugin/config-driven architectures. | ai | |
| phantom-deps | phantom-dep:defu | AI (phantom-deps): Declared dependency used indirectly; common pattern in plugin/config-driven architectures. | ai | |
| phantom-deps | phantom-dep:jiti | AI (phantom-deps): Declared dependency used indirectly; common pattern in plugin/config-driven architectures. | ai | |
| dependencies | unvetted-dep:@stryke/types | AI (dependencies): @stryke/types is a Storm Software utility library from the same org; no security concern. | ai | |
| dependencies | unvetted-dep:@stryke/type-checks | AI (dependencies): @stryke/type-checks is a Storm Software utility library from the same org; no security concern. | ai | |
| dependencies | unvetted-dep:@stryke/path | AI (dependencies): @stryke/path is a Storm Software utility library from the same org; no security concern. | ai | |
| dependencies | unvetted-dep:powerlines | AI (dependencies): powerlines is the core package of the same Storm Software ecosystem; unvetted status reflects review queue lag, not a security concern for this publisher. | ai |
Versions (showing 100 of 580)
| Version | Deps | Published |
|---|---|---|
| 0.2.377 | 7 / 2 | |
| 0.2.376 | 7 / 2 | |
| 0.2.375 | 7 / 2 | |
| 0.2.374 | 7 / 2 | |
| 0.2.373 | 7 / 2 | |
| 0.2.372 | 7 / 2 | |
| 0.2.371 | 7 / 2 | |
| 0.2.370 | 7 / 2 | |
| 0.2.368 | 7 / 2 | |
| 0.2.367 | 7 / 2 | |
| 0.2.366 | 7 / 2 | |
| 0.2.365 | 7 / 2 | |
| 0.2.364 | 7 / 2 | |
| 0.2.363 | 7 / 2 | |
| 0.2.360 | 7 / 2 | |
| 0.2.359 | 7 / 2 | |
| 0.2.358 | 7 / 2 | |
| 0.2.357 | 7 / 2 | |
| 0.2.356 | 7 / 2 | |
| 0.2.355 | 7 / 2 | |
| 0.2.354 | 7 / 2 | |
| 0.2.353 | 7 / 2 | |
| 0.2.352 | 7 / 2 | |
| 0.2.351 | 7 / 2 | |
| 0.2.350 | 7 / 2 | |
| 0.2.349 | 7 / 2 | |
| 0.2.348 | 7 / 2 | |
| 0.2.347 | 7 / 2 | |
| 0.2.346 | 7 / 2 | |
| 0.2.345 | 7 / 2 | |
| 0.2.344 | 7 / 2 | |
| 0.2.343 | 7 / 2 | |
| 0.2.342 | 7 / 2 | |
| 0.2.341 | 7 / 2 | |
| 0.2.339 | 7 / 2 | |
| 0.2.338 | 7 / 2 | |
| 0.2.337 | 7 / 2 | |
| 0.2.336 | 7 / 2 | |
| 0.2.335 | 7 / 2 | |
| 0.2.334 | 7 / 2 | |
| 0.2.333 | 7 / 2 | |
| 0.2.332 | 7 / 2 | |
| 0.2.331 | 7 / 2 | |
| 0.2.330 | 7 / 2 | |
| 0.2.329 | 7 / 2 | |
| 0.2.328 | 7 / 2 | |
| 0.2.327 | 7 / 2 | |
| 0.2.326 | 7 / 2 | |
| 0.2.325 | 7 / 2 | |
| 0.2.324 | 7 / 2 | |
| 0.2.323 | 7 / 2 | |
| 0.2.322 | 7 / 2 | |
| 0.2.321 | 7 / 2 | |
| 0.2.320 | 7 / 2 | |
| 0.2.319 | 7 / 2 | |
| 0.2.318 | 7 / 2 | |
| 0.2.317 | 7 / 2 | |
| 0.2.316 | 7 / 2 | |
| 0.2.315 | 7 / 2 | |
| 0.2.314 | 7 / 2 | |
| 0.2.313 | 7 / 2 | |
| 0.2.312 | 7 / 2 | |
| 0.2.311 | 7 / 2 | |
| 0.2.310 | 7 / 2 | |
| 0.2.309 | 7 / 2 | |
| 0.2.308 | 7 / 2 | |
| 0.2.307 | 7 / 2 | |
| 0.2.306 | 7 / 2 | |
| 0.2.305 | 7 / 2 | |
| 0.2.304 | 7 / 2 | |
| 0.2.303 | 7 / 2 | |
| 0.2.302 | 7 / 2 | |
| 0.2.301 | 7 / 2 | |
| 0.2.300 | 7 / 2 | |
| 0.2.299 | 7 / 2 | |
| 0.2.298 | 7 / 2 | |
| 0.2.297 | 7 / 2 | |
| 0.2.296 | 7 / 2 | |
| 0.2.295 | 7 / 2 | |
| 0.2.294 | 7 / 2 | |
| 0.2.293 | 7 / 2 | |
| 0.2.292 | 7 / 2 | |
| 0.2.291 | 7 / 2 | |
| 0.2.290 | 7 / 2 | |
| 0.2.289 | 7 / 2 | |
| 0.2.288 | 7 / 2 | |
| 0.2.287 | 7 / 2 | |
| 0.2.286 | 7 / 2 | |
| 0.2.285 | 7 / 2 | |
| 0.2.284 | 7 / 2 | |
| 0.2.283 | 7 / 2 | |
| 0.2.282 | 7 / 2 | |
| 0.2.281 | 7 / 2 | |
| 0.2.280 | 7 / 2 | |
| 0.2.279 | 7 / 2 | |
| 0.2.278 | 7 / 2 | |
| 0.2.277 | 7 / 2 | |
| 0.2.276 | 7 / 2 | |
| 0.2.275 | 7 / 2 | |
| 0.2.274 | 7 / 2 |
v0.2.359
2 findingsThis version was published by a different npm account than previous versions on 2026-03-16. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.320
2 findingsThis version was published by a different npm account than previous versions on 2026-03-07. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.298
2 findingsThis version was published by a different npm account than previous versions on 2026-03-01. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.