← Home

@powerlines/plugin-pulumi

npm Repository Homepage

A Powerlines plugin to deploy infrastructure using Pulumi.

100
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

stormie-botsullivanpj

Keywords

pulumipowerlinesstorm-softwarepowerlines-plugin

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
provenance publisher-changed AI (provenance): Publisher changed from stormie-bot to GitHub Actions, consistent with migration to CI/CD-based publishing with SLSA provenance attestation. Package has 399 versions and established organizational identity. ai
source-diff obfuscated-file:dist/index.mjs AI (source-diff): dist/index.mjs is standard bundler-minified output (Rollup/Vite/tsup). Long lines are a build artifact, not obfuscation. Code is semantically readable and consistent with the package's stated purpose. ai
phantom-deps phantom-dep:defu AI (phantom-deps): defu is bundled into dist output; phantom-dep false positive for bundled packages where subpath imports are resolved at build time. ai
phantom-deps phantom-dep:powerlines AI (phantom-deps): powerlines is a peer/config dependency referenced in build config, not directly imported in source. Stable false positive for this bundled package. ai
phantom-deps phantom-dep:@stryke/string-format AI (phantom-deps): @stryke/string-format is bundled into dist output; phantom-dep false positive for bundled packages. ai
phantom-deps phantom-dep:@stryke/fs AI (phantom-deps): Legitimately declared dependency used indirectly; phantom-dep false positive in monorepo/build context. ai
phantom-deps phantom-dep:typescript AI (phantom-deps): Build-time dependency referenced in tsconfig; phantom-dep false positive for build tools. ai
phantom-deps phantom-dep:@stryke/path AI (phantom-deps): Legitimately declared dependency used indirectly; phantom-dep false positive in monorepo/build context. ai
phantom-deps phantom-dep:@stryke/helpers AI (phantom-deps): Legitimately declared dependency used indirectly; phantom-dep false positive in monorepo/build context. ai
phantom-deps phantom-dep:@stryke/type-checks AI (phantom-deps): Legitimately declared dependency used indirectly; phantom-dep false positive in monorepo/build context. ai

Versions (showing 100 of 564)

Version Deps Published
0.6.118 10 / 2
0.6.117 10 / 2
0.6.116 10 / 2
0.6.115 10 / 2
0.6.114 10 / 2
0.6.113 10 / 2
0.6.112 10 / 2
0.6.111 10 / 2
0.6.110 10 / 2
0.6.109 10 / 2
0.6.106 10 / 2
0.6.105 10 / 2
0.6.104 10 / 2
0.6.103 10 / 2
0.6.102 10 / 2
0.6.100 10 / 2
0.6.99 10 / 2
0.6.98 10 / 2
0.6.97 10 / 2
0.6.96 10 / 2
0.6.95 10 / 2
0.6.94 10 / 2
0.6.93 10 / 2
0.6.92 10 / 2
0.6.91 10 / 2
0.6.90 10 / 2
0.6.89 10 / 2
0.6.88 10 / 2
0.6.87 10 / 2
0.6.86 10 / 2
0.6.85 10 / 2
0.6.84 10 / 2
0.6.83 10 / 2
0.6.82 10 / 2
0.6.81 10 / 2
0.6.80 10 / 2
0.6.79 10 / 2
0.6.78 10 / 2
0.6.77 10 / 2
0.6.76 10 / 2
0.6.75 10 / 2
0.6.73 10 / 2
0.6.72 10 / 2
0.6.71 10 / 2
0.6.70 10 / 2
0.6.69 10 / 2
0.6.68 10 / 2
0.6.67 10 / 2
0.6.66 10 / 2
0.6.65 10 / 2
0.6.64 10 / 2
0.6.63 10 / 2
0.6.62 10 / 2
0.6.61 10 / 2
0.6.60 10 / 2
0.6.59 10 / 2
0.6.58 10 / 2
0.6.57 10 / 2
0.6.56 10 / 2
0.6.55 10 / 2
0.6.54 10 / 2
0.6.53 10 / 2
0.6.52 10 / 2
0.6.51 10 / 2
0.6.50 10 / 2
0.6.49 10 / 2
0.6.47 10 / 2
0.6.46 10 / 2
0.6.45 10 / 2
0.6.44 10 / 2
0.6.43 10 / 2
0.6.42 10 / 2
0.6.41 10 / 2
0.6.40 10 / 2
0.6.39 10 / 2
0.6.38 10 / 2
0.6.37 10 / 2
0.6.36 10 / 2
0.6.35 10 / 2
0.6.34 10 / 2
0.6.33 10 / 2
0.6.32 10 / 2
0.6.31 10 / 2
0.6.30 10 / 2
0.6.29 10 / 2
0.6.28 10 / 2
0.6.27 10 / 2
0.6.26 10 / 2
0.6.25 10 / 2
0.6.24 10 / 2
0.6.23 10 / 2
0.6.22 10 / 2
0.6.21 10 / 2
0.6.20 10 / 2
0.6.19 10 / 2
0.6.18 10 / 2
0.6.17 10 / 2
0.6.16 10 / 2
0.6.15 10 / 2
0.6.14 10 / 2
Showing 100 of 564 Next page →

v0.6.118

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.117

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.116

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.115

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.114

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.113

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.112

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.111

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.110

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.109

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.106

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.105

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.104

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.103

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.102

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.100

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.99

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.98

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.97

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.96

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.95

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.94

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.93

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.92

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.91

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.90

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.19

2 findings
HIGH Publisher changed: stormie-bot → GitHub Actions (on 2026-03-23) provenance

This version was published by a different npm account than previous versions on 2026-03-23. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.18

2 findings
HIGH Publisher changed: stormie-bot → GitHub Actions (on 2026-03-23) provenance

This version was published by a different npm account than previous versions on 2026-03-23. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.17

2 findings
HIGH Publisher changed: stormie-bot → GitHub Actions (on 2026-03-23) provenance

This version was published by a different npm account than previous versions on 2026-03-23. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.16

2 findings
HIGH Publisher changed: stormie-bot → GitHub Actions (on 2026-03-23) provenance

This version was published by a different npm account than previous versions on 2026-03-23. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.15

2 findings
HIGH Publisher changed: stormie-bot → GitHub Actions (on 2026-03-22) provenance

This version was published by a different npm account than previous versions on 2026-03-22. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.14

2 findings
HIGH Publisher changed: stormie-bot → GitHub Actions (on 2026-03-22) provenance

This version was published by a different npm account than previous versions on 2026-03-22. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.