@powerlines/plugin-react
A package containing a Powerlines plugin for building a React application.
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@storm-software/config-tools | AI (phantom-deps): Config-only reference, consistent with the storm-software monorepo tooling pattern seen across this package family. | ai | |
| provenance | publisher-changed | AI (provenance): stormie-bot is the established bot publisher for storm-software org with 2775 approved packages; transition from GH Actions is expected CI automation change. | ai | |
| source-diff | obfuscated-file:dist/index.cjs | AI (source-diff): Standard rolldown/rollup minified bundle; readable logic, no malicious patterns. Stable for this package. | ai | |
| source-diff | obfuscated-file:dist/index.mjs | AI (source-diff): Standard rolldown/rollup minified ESM bundle; readable logic, no malicious patterns. Stable for this package. | ai | |
| phantom-deps | phantom-dep:@powerlines/alloy | AI (phantom-deps): Same-org dependency from Storm Software's @powerlines/* ecosystem; consistent pattern across all plugin packages in this monorepo. | ai | |
| phantom-deps | phantom-dep:@powerlines/plugin-env | AI (phantom-deps): Same-org dependency; plugin wrapper pattern where deps are configured but not directly imported in analyzed entry points. | ai | |
| phantom-deps | phantom-dep:@powerlines/plugin-babel | AI (phantom-deps): Same-org dependency; plugin wrapper pattern where deps are configured but not directly imported in analyzed entry points. | ai | |
| phantom-deps | phantom-dep:@vitejs/plugin-react | AI (phantom-deps): This package wraps @vitejs/plugin-react; it's expected to reference it in config files without direct imports in all entry points. | ai | |
| phantom-deps | phantom-dep:defu | AI (phantom-deps): Utility used in config composition; referenced in config files rather than direct imports — stable pattern for this build plugin package. | ai | |
| phantom-deps | phantom-dep:powerlines | AI (phantom-deps): Core powerlines package used in config context; same phantom-dep pattern consistent across this monorepo's plugin packages. | ai | |
| phantom-deps | phantom-dep:@powerlines/plugin-plugin | AI (phantom-deps): Same-org @powerlines dependency declared for runtime plugin loading by the powerlines framework, not direct import. Consistent with plugin architecture pattern across this package family. | ai | |
| dependencies | unvetted-dep:@powerlines/alloy | AI (dependencies): Same-org @powerlines dependency from publisher with 351 approved packages and SLSA provenance. Consistent with the broader @powerlines ecosystem used throughout this package. | ai | |
| phantom-deps | phantom-dep:@stryke/convert | AI (phantom-deps): Referenced in config files rather than direct imports; consistent with plugin/build-tool architecture across all versions. | ai | |
| phantom-deps | phantom-dep:@stryke/path | AI (phantom-deps): Referenced in config files rather than direct imports; consistent with plugin/build-tool architecture across all versions. | ai | |
| phantom-deps | phantom-dep:@stryke/cli | AI (phantom-deps): Referenced in config files rather than direct imports; consistent with plugin/build-tool architecture across all versions. | ai | |
| phantom-deps | phantom-dep:@babel/core | AI (phantom-deps): Build plugin package; @babel/core is a framework-scoped dep loaded by convention, not direct import. Stable pattern for this package type. | ai | |
| phantom-deps | phantom-dep:@alloy-js/markdown | AI (phantom-deps): Referenced in config files rather than direct imports; consistent with plugin/build-tool architecture across all versions. | ai | |
| phantom-deps | phantom-dep:@powerlines/plugin-vite | AI (phantom-deps): Same-org package from Powerlines ecosystem; loaded by convention in plugin architecture, not a security concern. | ai | |
| phantom-deps | phantom-dep:@alloy-js/json | AI (phantom-deps): Referenced in config files rather than direct imports; consistent with plugin/build-tool architecture across all versions. | ai | |
| phantom-deps | phantom-dep:@stryke/fs | AI (phantom-deps): Referenced in config files rather than direct imports; consistent with plugin/build-tool architecture across all versions. | ai |
Versions (showing 100 of 588)
| Version | Deps | Published |
|---|---|---|
| 0.1.542 | 18 / 4 | |
| 0.1.541 | 18 / 4 | |
| 0.1.540 | 18 / 4 | |
| 0.1.539 | 18 / 4 | |
| 0.1.538 | 18 / 4 | |
| 0.1.537 | 18 / 4 | |
| 0.1.536 | 18 / 4 | |
| 0.1.535 | 18 / 4 | |
| 0.1.534 | 18 / 4 | |
| 0.1.533 | 18 / 4 | |
| 0.1.532 | 18 / 4 | |
| 0.1.531 | 18 / 4 | |
| 0.1.530 | 18 / 4 | |
| 0.1.527 | 18 / 4 | |
| 0.1.526 | 18 / 4 | |
| 0.1.525 | 18 / 4 | |
| 0.1.524 | 18 / 4 | |
| 0.1.523 | 18 / 4 | |
| 0.1.522 | 18 / 4 | |
| 0.1.520 | 18 / 4 | |
| 0.1.519 | 18 / 4 | |
| 0.1.518 | 18 / 4 | |
| 0.1.517 | 18 / 4 | |
| 0.1.516 | 18 / 4 | |
| 0.1.515 | 18 / 4 | |
| 0.1.514 | 18 / 4 | |
| 0.1.513 | 18 / 4 | |
| 0.1.512 | 18 / 4 | |
| 0.1.511 | 18 / 4 | |
| 0.1.510 | 18 / 4 | |
| 0.1.509 | 18 / 4 | |
| 0.1.508 | 18 / 4 | |
| 0.1.507 | 18 / 4 | |
| 0.1.506 | 18 / 4 | |
| 0.1.505 | 18 / 4 | |
| 0.1.504 | 18 / 4 | |
| 0.1.503 | 18 / 4 | |
| 0.1.502 | 18 / 4 | |
| 0.1.501 | 18 / 4 | |
| 0.1.500 | 18 / 4 | |
| 0.1.499 | 18 / 4 | |
| 0.1.498 | 18 / 4 | |
| 0.1.497 | 18 / 4 | |
| 0.1.496 | 18 / 4 | |
| 0.1.495 | 18 / 4 | |
| 0.1.493 | 18 / 4 | |
| 0.1.492 | 18 / 4 | |
| 0.1.491 | 18 / 4 | |
| 0.1.490 | 18 / 4 | |
| 0.1.489 | 18 / 4 | |
| 0.1.488 | 18 / 4 | |
| 0.1.487 | 18 / 4 | |
| 0.1.486 | 18 / 4 | |
| 0.1.485 | 18 / 4 | |
| 0.1.484 | 18 / 4 | |
| 0.1.483 | 18 / 4 | |
| 0.1.482 | 18 / 4 | |
| 0.1.481 | 18 / 4 | |
| 0.1.480 | 18 / 4 | |
| 0.1.479 | 18 / 4 | |
| 0.1.478 | 18 / 4 | |
| 0.1.477 | 18 / 4 | |
| 0.1.476 | 18 / 4 | |
| 0.1.475 | 18 / 4 | |
| 0.1.474 | 18 / 4 | |
| 0.1.473 | 18 / 4 | |
| 0.1.472 | 18 / 4 | |
| 0.1.471 | 18 / 4 | |
| 0.1.470 | 18 / 4 | |
| 0.1.469 | 18 / 4 | |
| 0.1.468 | 18 / 4 | |
| 0.1.466 | 18 / 4 | |
| 0.1.465 | 18 / 4 | |
| 0.1.464 | 18 / 4 | |
| 0.1.463 | 18 / 4 | |
| 0.1.462 | 18 / 4 | |
| 0.1.461 | 18 / 4 | |
| 0.1.460 | 18 / 4 | |
| 0.1.459 | 18 / 4 | |
| 0.1.458 | 18 / 4 | |
| 0.1.457 | 18 / 4 | |
| 0.1.456 | 18 / 4 | |
| 0.1.455 | 18 / 4 | |
| 0.1.454 | 18 / 4 | |
| 0.1.453 | 18 / 4 | |
| 0.1.452 | 18 / 4 | |
| 0.1.451 | 18 / 4 | |
| 0.1.450 | 18 / 4 | |
| 0.1.449 | 18 / 4 | |
| 0.1.448 | 18 / 4 | |
| 0.1.447 | 18 / 4 | |
| 0.1.446 | 18 / 4 | |
| 0.1.445 | 18 / 4 | |
| 0.1.444 | 18 / 4 | |
| 0.1.443 | 18 / 4 | |
| 0.1.442 | 18 / 4 | |
| 0.1.441 | 18 / 4 | |
| 0.1.440 | 18 / 4 | |
| 0.1.439 | 18 / 4 | |
| 0.1.438 | 18 / 4 |
v0.1.542
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.541
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.540
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.539
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.538
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.537
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.536
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.535
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.534
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.533
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.532
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.531
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.530
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.527
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.526
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.525
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.524
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.523
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.522
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.520
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.519
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.518
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.517
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.516
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.515
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.514
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.513
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.512
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.511
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.510
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.