@powerlines/plugin-rolldown
A package containing a Powerlines plugin to assist in developing other Powerlines plugins.
Supply chain provenance
Status for the latest visible version.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@powerlines/unplugin | AI (dependencies): Same org (@powerlines/storm-software); consistent with the package's own namespace and publishing pattern. | ai | |
| source-diff | obfuscated-file:dist/unplugin-CLsmVZMo.cjs | AI (source-diff): Standard minified bundle output for a build-tool plugin; no obfuscation or malicious payload present. | ai | |
| source-diff | obfuscated-file:dist/index.mjs | AI (source-diff): Standard minified bundle output for a build-tool plugin; no obfuscation or malicious payload present. | ai | |
| source-diff | obfuscated-file:dist/unplugin-Rgj8lLxv.mjs | AI (source-diff): Standard minified bundle output for a build-tool plugin; no obfuscation or malicious payload present. | ai | |
| phantom-deps | phantom-dep:@stryke/helpers | AI (phantom-deps): Internal org dep used in config files; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:glob | AI (phantom-deps): Declared as a runtime dep for config-level use; stable false positive for this package. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/lib/contexts/api-context.mjs | AI (source-diff): Minified ESM bundle output from rolldown; expected for a build tool plugin shipping compiled dist/ artifacts. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/lib/contexts/api-context.cjs | AI (source-diff): Minified CJS bundle output from rolldown; this is a rolldown plugin that ships bundled dist/ files. No malicious patterns in samples. | ai | |
| provenance | publisher-changed | AI (provenance): Transition from stormie-bot to GitHub Actions is an upgrade in CI/CD hygiene; SLSA provenance attestation confirms verified pipeline publishing. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/internal/helpers/resolve-tsconfig.cjs | AI (source-diff): Minified rolldown bundle output; TypeScript config resolution helpers. No malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/lib/contexts/context.cjs | AI (source-diff): Minified rolldown bundle output; standard plugin context implementation. No malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/api.cjs | AI (source-diff): Minified rolldown/rollup bundle output; code is readable JS with standard npm imports. No malicious patterns. SLSA provenance confirms CI/CD build. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/lib/contexts/environment-context.cjs | AI (source-diff): Minified rolldown bundle output; standard plugin environment context. No malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/powerlines/schemas/fs.cjs | AI (source-diff): Minified rolldown bundle output; Cap'n Proto schema definitions. No malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/lib/fs/vfs.cjs | AI (source-diff): Minified rolldown bundle output; virtual filesystem implementation. No malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/lib/build/rolldown.cjs | AI (source-diff): Minified rolldown bundle output; build configuration helpers. No malicious patterns. | ai | |
| phantom-deps | phantom-dep:@stryke/convert | AI (phantom-deps): Utility dependency used in build configuration; phantom pattern is stable for this package. | ai | |
| phantom-deps | phantom-dep:defu | AI (phantom-deps): Legitimate build tool dependency used in plugin configuration; phantom pattern is expected for this package type. | ai | |
| phantom-deps | phantom-dep:rolldown | AI (phantom-deps): Core dependency for Rolldown plugin; referenced in build config rather than direct imports. | ai | |
| phantom-deps | phantom-dep:unplugin | AI (phantom-deps): Plugin framework dependency; used indirectly through plugin configuration. | ai | |
| phantom-deps | phantom-dep:powerlines | AI (phantom-deps): Parent framework dependency; referenced in plugin context rather than direct imports. | ai | |
| phantom-deps | phantom-dep:@stryke/path | AI (phantom-deps): Utility dependency used in build configuration; phantom pattern is stable for this package. | ai | |
| phantom-deps | phantom-dep:@stryke/type-checks | AI (phantom-deps): Utility dependency used in build configuration; phantom pattern is stable for this package. | ai | |
| dependencies | unvetted-dep:@stryke/fs | AI (dependencies): Same-org sibling package from Storm Software (@stryke scope); not a third-party unknown dependency. | ai | |
| phantom-deps | phantom-dep:@powerlines/plugin-babel | AI (phantom-deps): Same-org sibling package; indirect usage is expected in this plugin ecosystem. | ai | |
| phantom-deps | phantom-dep:@stryke/types | AI (phantom-deps): Same-org sibling package; type-only usage not directly imported is expected for type packages. | ai | |
| phantom-deps | phantom-dep:@stryke/fs | AI (phantom-deps): Same-org sibling package; indirect usage via config files is expected in this plugin ecosystem. | ai | |
| phantom-deps | phantom-dep:jiti | AI (phantom-deps): jiti is declared as a runtime dependency and used in config files; indirect usage pattern is normal for plugin ecosystems. | ai | |
| dependencies | unvetted-dep:@powerlines/plugin-rollup | AI (dependencies): Same-org sibling package from Storm Software (@powerlines scope); not a third-party unknown dependency. | ai | |
| dependencies | unvetted-dep:@powerlines/plugin-babel | AI (dependencies): Same-org sibling package from Storm Software (@powerlines scope); not a third-party unknown dependency. | ai | |
| dependencies | unvetted-dep:@stryke/type-checks | AI (dependencies): Same-org sibling package from Storm Software (@stryke scope); not a third-party unknown dependency. | ai | |
| dependencies | unvetted-dep:@powerlines/core | AI (dependencies): Same-org sibling package from Storm Software (@powerlines scope); not a third-party unknown dependency. | ai | |
| dependencies | unvetted-dep:@stryke/convert | AI (dependencies): Same-org sibling package from Storm Software (@stryke scope); not a third-party unknown dependency. | ai | |
| dependencies | unvetted-dep:@stryke/types | AI (dependencies): Same-org sibling package from Storm Software (@stryke scope); not a third-party unknown dependency. | ai | |
| dependencies | unvetted-dep:@stryke/path | AI (dependencies): Same-org sibling package from Storm Software (@stryke scope); not a third-party unknown dependency. | ai | |

Versions (showing 51 of 452)
| Version | Deps | Published |
|---|---|---|
| 0.7.584 | 13 / 2 | |
| 0.7.583 | 13 / 2 | |
| 0.7.582 | 13 / 2 | |
| 0.7.581 | 13 / 2 | |
| 0.7.580 | 13 / 2 | |
| 0.7.579 | 13 / 2 | |
| 0.7.578 | 13 / 2 | |
| 0.7.577 | 13 / 2 | |
| 0.7.576 | 13 / 2 | |
| 0.7.575 | 13 / 2 | |
| 0.7.574 | 13 / 2 | |
| 0.7.573 | 13 / 2 | |
| 0.7.572 | 13 / 2 | |
| 0.7.571 | 13 / 2 | |
| 0.7.570 | 13 / 2 | |
| 0.7.569 | 13 / 2 | |
| 0.7.568 | 13 / 2 | |
| 0.7.567 | 13 / 2 | |
| 0.7.566 | 13 / 2 | |
| 0.7.565 | 13 / 2 | |
| 0.7.564 | 13 / 2 | |
| 0.7.563 | 13 / 2 | |
| 0.7.562 | 13 / 2 | |
| 0.7.561 | 13 / 2 | |
| 0.7.560 | 13 / 2 | |
| 0.7.559 | 13 / 2 | |
| 0.7.558 | 13 / 2 | |
| 0.7.557 | 13 / 2 | |
| 0.7.556 | 13 / 2 | |
| 0.7.555 | 13 / 2 | |
| 0.7.554 | 13 / 2 | |
| 0.7.553 | 13 / 2 | |
| 0.7.552 | 13 / 2 | |
| 0.7.551 | 13 / 2 | |
| 0.7.550 | 13 / 2 | |
| 0.7.549 | 13 / 2 | |
| 0.7.548 | 13 / 2 | |
| 0.7.547 | 13 / 2 | |
| 0.7.546 | 13 / 2 | |
| 0.7.545 | 13 / 2 | |
| 0.7.544 | 13 / 2 | |
| 0.7.543 | 13 / 2 | |
| 0.7.542 | 13 / 2 | |
| 0.7.541 | 13 / 2 | |
| 0.7.540 | 13 / 2 | |
| 0.7.538 | 13 / 2 | |
| 0.7.537 | 13 / 2 | |
| 0.7.536 | 13 / 2 | |
| 0.7.535 | 13 / 2 | |
| 0.7.534 | 13 / 2 | |
| 0.7.533 | 13 / 2 | |

v0.7.584
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.583 down to v0.7.533
Each of the other versions listed in the table above shows the same entry: 1 finding, published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1).