@powerlines/plugin-prisma
A Powerlines plugin to generate project code and a Prisma client from a Prisma schema (PSL).
Supply chain provenance
Status for the latest visible version.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/api/types.gen.d.cts | AI (source-diff): Generated TypeScript type declarations with long lines; not obfuscated code. Stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:prisma-util | AI (phantom-deps): Config-referenced dependency; stable pattern for this plugin package. | ai | |
| phantom-deps | phantom-dep:@stryke/string-format | AI (phantom-deps): Config-referenced dependency; stable pattern for this plugin package. | ai | |
| phantom-deps | phantom-dep:@prisma/prisma-schema-wasm | AI (phantom-deps): Platform-specific binary; stable pattern for this plugin package. | ai | |
| phantom-deps | phantom-dep:defu | AI (phantom-deps): Config-referenced dependency; stable pattern for this plugin package. | ai | |
| phantom-deps | phantom-dep:fp-ts | AI (phantom-deps): Config-referenced dependency; stable pattern for this plugin package. | ai | |
| phantom-deps | phantom-dep:powerlines | AI (phantom-deps): Config-referenced dependency; stable pattern for this plugin package. | ai | |
| phantom-deps | phantom-dep:ts-pattern | AI (phantom-deps): Config-referenced dependency; stable pattern for this plugin package. | ai | |
| phantom-deps | phantom-dep:@prisma/client-generator-registry | AI (phantom-deps): Config-referenced dependency; stable pattern for this plugin package. | ai | |
| phantom-deps | phantom-dep:@stryke/path | AI (phantom-deps): Config-referenced dependency; stable pattern for this plugin package. | ai | |
| phantom-deps | phantom-dep:@prisma/migrate | AI (phantom-deps): Config-referenced dependency; stable pattern for this plugin package. | ai | |
| phantom-deps | phantom-dep:@stryke/convert | AI (phantom-deps): Config-referenced dependency; stable pattern for this plugin package. | ai | |
| phantom-deps | phantom-dep:@prisma/get-platform | AI (phantom-deps): Config-referenced dependency; stable pattern for this plugin package. | ai | |
| phantom-deps | phantom-dep:@powerlines/plugin-pulumi | AI (phantom-deps): Same org scope; declared as runtime dep, likely used indirectly or in config files. | ai | |
| provenance | publisher-changed | AI (provenance): Transition from stormie-bot to GitHub Actions CI with SLSA attestation is a legitimate CI/CD migration for this org. | ai | |
| phantom-deps | phantom-dep:@stryke/types | AI (phantom-deps): Storm Software internal types package; phantom detection in config files is expected for this ecosystem. | ai | |
| dependencies | unvetted-dep:@prisma/dmmf | AI (dependencies): Official Prisma ecosystem package; legitimate dependency for a Prisma plugin. | ai | |
| dependencies | unvetted-dep:@prisma/config | AI (dependencies): Official Prisma ecosystem package; legitimate dependency for a Prisma plugin. | ai | |
| dependencies | unvetted-dep:@prisma/migrate | AI (dependencies): Official Prisma ecosystem package; legitimate dependency for a Prisma plugin. | ai | |
| dependencies | unvetted-dep:@prisma/generator-helper | AI (dependencies): Official Prisma ecosystem package; legitimate dependency for a Prisma plugin. | ai | |
| dependencies | unvetted-dep:@prisma/client-generator-registry | AI (dependencies): Official Prisma ecosystem package; legitimate dependency for a Prisma plugin. | ai | |
| dependencies | unvetted-dep:@prisma/get-platform | AI (dependencies): Official Prisma ecosystem package; legitimate dependency for a Prisma plugin. | ai | |
| dependencies | unvetted-dep:@prisma/prisma-schema-wasm | AI (dependencies): Official Prisma WASM package; legitimate dependency for a Prisma plugin. | ai | |
| phantom-deps | phantom-dep:@prisma/dmmf | AI (phantom-deps): Declared for type/config usage in a plugin ecosystem; not a security concern. | ai | |
| phantom-deps | phantom-dep:@prisma/config | AI (phantom-deps): Declared for type/config usage in a plugin ecosystem; not a security concern. | ai | |
| phantom-deps | phantom-dep:@prisma/generator-helper | AI (phantom-deps): Declared for type/config usage in a plugin ecosystem; not a security concern. | ai | |
| phantom-deps | phantom-dep:jiti | AI (phantom-deps): jiti is commonly used as a config loader; phantom detection in config files is expected. | ai | |
| phantom-deps | phantom-dep:@stryke/fs | AI (phantom-deps): Storm Software internal package; phantom detection in config files is expected for this ecosystem. | ai | |
| phantom-deps | phantom-dep:@stryke/cli | AI (phantom-deps): Storm Software internal package; phantom detection in config files is expected for this ecosystem. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Storm Software's packages consistently have promotional README content and some minimal entry points; these are quality issues, not security signals, for this established publisher. | ai | |
| phantom-deps | phantom-dep:@stryke/type-checks | AI (phantom-deps): @stryke/type-checks is part of Storm Software's own ecosystem; phantom detection likely reflects config-only usage pattern consistent across their packages. | ai | |
Versions (showing 14 of 14)
| Version | Deps | Published |
|---|---|---|
| 0.4.130 | 21 / 4 | |
| 0.4.101 | 21 / 4 | |
| 0.4.99 | 21 / 4 | |
| 0.4.66 | 21 / 4 | |
| 0.4.13 | 14 / 3 | |
| 0.2.264 | 13 / 3 | |
| 0.2.229 | 13 / 3 | |
| 0.1.21 | 13 / 3 | |
| 0.1.20 | 13 / 3 | |
| 0.1.15 | 13 / 3 | |
| 0.1.8 | 13 / 3 | |
| 0.1.6 | 13 / 3 | |
| 0.1.5 | 13 / 3 | |
| 0.1.0 | 13 / 3 | |
v0.4.101
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.99
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.66
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.13
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.264
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.229
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.21
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.20
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.15
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.8
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.6
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.5
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.