@powerlines/plugin-react
A package containing a Powerlines plugin for building a React application.
100
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
gitHead linked
Maintainers
stormie-botsullivanpj
Keywords
reactpowerlinesstorm-softwarepowerlines-plugin
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@storm-software/config-tools | AI (phantom-deps): Config-only reference, consistent with the storm-software monorepo tooling pattern seen across this package family. | ai | |
| provenance | publisher-changed | AI (provenance): stormie-bot is the established bot publisher for storm-software org with 2775 approved packages; transition from GH Actions is expected CI automation change. | ai | |
| source-diff | obfuscated-file:dist/index.cjs | AI (source-diff): Standard rolldown/rollup minified bundle; readable logic, no malicious patterns. Stable for this package. | ai | |
| source-diff | obfuscated-file:dist/index.mjs | AI (source-diff): Standard rolldown/rollup minified ESM bundle; readable logic, no malicious patterns. Stable for this package. | ai | |
| phantom-deps | phantom-dep:@powerlines/alloy | AI (phantom-deps): Same-org dependency from Storm Software's @powerlines/* ecosystem; consistent pattern across all plugin packages in this monorepo. | ai | |
| phantom-deps | phantom-dep:@powerlines/plugin-env | AI (phantom-deps): Same-org dependency; plugin wrapper pattern where deps are configured but not directly imported in analyzed entry points. | ai | |
| phantom-deps | phantom-dep:@powerlines/plugin-babel | AI (phantom-deps): Same-org dependency; plugin wrapper pattern where deps are configured but not directly imported in analyzed entry points. | ai | |
| phantom-deps | phantom-dep:@vitejs/plugin-react | AI (phantom-deps): This package wraps @vitejs/plugin-react; it's expected to reference it in config files without direct imports in all entry points. | ai | |
| phantom-deps | phantom-dep:defu | AI (phantom-deps): Utility used in config composition; referenced in config files rather than direct imports — stable pattern for this build plugin package. | ai | |
| phantom-deps | phantom-dep:powerlines | AI (phantom-deps): Core powerlines package used in config context; same phantom-dep pattern consistent across this monorepo's plugin packages. | ai | |
| phantom-deps | phantom-dep:@powerlines/plugin-plugin | AI (phantom-deps): Same-org @powerlines dependency declared for runtime plugin loading by the powerlines framework, not direct import. Consistent with plugin architecture pattern across this package family. | ai | |
| dependencies | unvetted-dep:@powerlines/alloy | AI (dependencies): Same-org @powerlines dependency from publisher with 351 approved packages and SLSA provenance. Consistent with the broader @powerlines ecosystem used throughout this package. | ai | |
| phantom-deps | phantom-dep:@stryke/convert | AI (phantom-deps): Referenced in config files rather than direct imports; consistent with plugin/build-tool architecture across all versions. | ai | |
| phantom-deps | phantom-dep:@stryke/path | AI (phantom-deps): Referenced in config files rather than direct imports; consistent with plugin/build-tool architecture across all versions. | ai | |
| phantom-deps | phantom-dep:@stryke/cli | AI (phantom-deps): Referenced in config files rather than direct imports; consistent with plugin/build-tool architecture across all versions. | ai | |
| phantom-deps | phantom-dep:@babel/core | AI (phantom-deps): Build plugin package; @babel/core is a framework-scoped dep loaded by convention, not direct import. Stable pattern for this package type. | ai | |
| phantom-deps | phantom-dep:@alloy-js/markdown | AI (phantom-deps): Referenced in config files rather than direct imports; consistent with plugin/build-tool architecture across all versions. | ai | |
| phantom-deps | phantom-dep:@powerlines/plugin-vite | AI (phantom-deps): Same-org package from Powerlines ecosystem; loaded by convention in plugin architecture, not a security concern. | ai | |
| phantom-deps | phantom-dep:@alloy-js/json | AI (phantom-deps): Referenced in config files rather than direct imports; consistent with plugin/build-tool architecture across all versions. | ai | |
| phantom-deps | phantom-dep:@stryke/fs | AI (phantom-deps): Referenced in config files rather than direct imports; consistent with plugin/build-tool architecture across all versions. | ai |
Versions (showing 100 of 588)
| Version | Deps | Published |
|---|---|---|
| 0.1.332 | 17 / 4 | |
| 0.1.331 | 17 / 4 | |
| 0.1.330 | 17 / 4 | |
| 0.1.329 | 17 / 4 | |
| 0.1.328 | 17 / 4 | |
| 0.1.327 | 17 / 4 | |
| 0.1.326 | 17 / 4 | |
| 0.1.325 | 17 / 4 | |
| 0.1.324 | 17 / 4 | |
| 0.1.323 | 17 / 4 | |
| 0.1.322 | 17 / 4 | |
| 0.1.321 | 17 / 4 | |
| 0.1.320 | 17 / 4 | |
| 0.1.319 | 17 / 4 | |
| 0.1.318 | 17 / 4 | |
| 0.1.317 | 17 / 4 | |
| 0.1.316 | 17 / 4 | |
| 0.1.315 | 17 / 4 | |
| 0.1.314 | 17 / 4 | |
| 0.1.313 | 17 / 4 | |
| 0.1.312 | 17 / 4 | |
| 0.1.311 | 17 / 4 | |
| 0.1.310 | 17 / 4 | |
| 0.1.309 | 17 / 4 | |
| 0.1.308 | 17 / 4 | |
| 0.1.307 | 17 / 4 | |
| 0.1.306 | 17 / 4 | |
| 0.1.305 | 17 / 4 | |
| 0.1.304 | 17 / 4 | |
| 0.1.303 | 17 / 4 | |
| 0.1.302 | 17 / 4 | |
| 0.1.301 | 17 / 4 | |
| 0.1.300 | 17 / 4 | |
| 0.1.299 | 17 / 4 | |
| 0.1.298 | 17 / 4 | |
| 0.1.297 | 17 / 4 | |
| 0.1.296 | 17 / 4 | |
| 0.1.295 | 17 / 4 | |
| 0.1.294 | 17 / 4 | |
| 0.1.293 | 17 / 4 | |
| 0.1.292 | 17 / 4 | |
| 0.1.291 | 17 / 4 | |
| 0.1.290 | 17 / 4 | |
| 0.1.289 | 17 / 4 | |
| 0.1.288 | 17 / 4 | |
| 0.1.287 | 17 / 4 | |
| 0.1.286 | 17 / 4 | |
| 0.1.284 | 17 / 4 | |
| 0.1.283 | 17 / 4 | |
| 0.1.282 | 17 / 4 | |
| 0.1.281 | 17 / 4 | |
| 0.1.280 | 16 / 4 | |
| 0.1.279 | 17 / 4 | |
| 0.1.278 | 17 / 4 | |
| 0.1.277 | 17 / 4 | |
| 0.1.276 | 17 / 4 | |
| 0.1.275 | 17 / 4 | |
| 0.1.274 | 17 / 4 | |
| 0.1.273 | 17 / 4 | |
| 0.1.272 | 17 / 4 | |
| 0.1.271 | 17 / 4 | |
| 0.1.270 | 17 / 4 | |
| 0.1.269 | 17 / 4 | |
| 0.1.268 | 17 / 4 | |
| 0.1.267 | 17 / 4 | |
| 0.1.266 | 17 / 4 | |
| 0.1.265 | 17 / 4 | |
| 0.1.264 | 17 / 4 | |
| 0.1.263 | 17 / 4 | |
| 0.1.262 | 17 / 4 | |
| 0.1.261 | 17 / 4 | |
| 0.1.260 | 17 / 4 | |
| 0.1.259 | 17 / 4 | |
| 0.1.258 | 17 / 4 | |
| 0.1.257 | 17 / 4 | |
| 0.1.256 | 17 / 4 | |
| 0.1.255 | 17 / 4 | |
| 0.1.254 | 17 / 4 | |
| 0.1.253 | 17 / 4 | |
| 0.1.252 | 17 / 4 | |
| 0.1.250 | 17 / 4 | |
| 0.1.249 | 17 / 4 | |
| 0.1.248 | 17 / 4 | |
| 0.1.247 | 17 / 4 | |
| 0.1.246 | 17 / 4 | |
| 0.1.245 | 17 / 4 | |
| 0.1.244 | 17 / 4 | |
| 0.1.243 | 17 / 4 | |
| 0.1.242 | 17 / 4 | |
| 0.1.241 | 17 / 4 | |
| 0.1.240 | 17 / 4 | |
| 0.1.239 | 17 / 4 | |
| 0.1.238 | 17 / 4 | |
| 0.1.237 | 17 / 4 | |
| 0.1.236 | 17 / 4 | |
| 0.1.235 | 17 / 4 | |
| 0.1.234 | 17 / 4 | |
| 0.1.233 | 17 / 4 | |
| 0.1.232 | 17 / 4 | |
| 0.1.231 | 17 / 4 |
Showing 100 of 588
Next page →
v0.1.277
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.276
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.275
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.274
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.273
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.272
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.