@powerlines/plugin-rollup
A package containing a Powerlines plugin to assist in developing other Powerlines plugins.
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@powerlines/unplugin | AI (dependencies): Same-org dependency (@powerlines namespace); consistent with this package's internal ecosystem structure. | ai | |
| phantom-deps | phantom-dep:@rollup/plugin-alias | AI (phantom-deps): Framework-scoped rollup plugin loaded by convention; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@rollup/plugin-babel | AI (phantom-deps): Framework-scoped rollup plugin loaded by convention; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@rollup/plugin-inject | AI (phantom-deps): Framework-scoped rollup plugin loaded by convention; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@rollup/plugin-replace | AI (phantom-deps): Framework-scoped rollup plugin loaded by convention; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:rollup-plugin-typescript2 | AI (phantom-deps): Referenced in config files by convention; stable false positive for this rollup plugin package. | ai | |
| phantom-deps | phantom-dep:@rollup/plugin-node-resolve | AI (phantom-deps): Framework-scoped rollup plugin loaded by convention; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@stryke/helpers | AI (phantom-deps): Same-org helper package referenced in config files; stable false positive for this package. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/api.cjs | AI (source-diff): Minified rolldown bundle output. Content is legitimate build tooling logic with standard npm imports. No malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/lib/contexts/environment-context.cjs | AI (source-diff): Minified rolldown bundle output. Content is legitimate plugin context logic. No malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/powerlines/schemas/fs.cjs | AI (source-diff): Minified rolldown bundle output with capnp schema definitions. Legitimate data structure code. No malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/internal/helpers/resolve-tsconfig.cjs | AI (source-diff): Minified rolldown bundle output. Content is TypeScript config resolution logic. No malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/lib/build/rollup.cjs | AI (source-diff): Minified rolldown bundle output. Content is rollup build configuration logic. No malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/lib/fs/vfs.cjs | AI (source-diff): Minified rolldown bundle output. Content is virtual filesystem implementation. No malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/lib/contexts/api-context.mjs | AI (source-diff): Minified rolldown bundle output (ESM variant). Expected build artifact for this build tool plugin package. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/lib/contexts/api-context.cjs | AI (source-diff): Minified rolldown/rollup bundle output, not obfuscated malware. Code is readable JS class definitions. Expected for a build tool plugin package. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/lib/contexts/context.cjs | AI (source-diff): Minified rolldown bundle output. Content is legitimate context class implementation. No malicious patterns. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): All new deps are established rollup ecosystem plugins or same-org @powerlines/* packages. Consistent with a legitimate refactor splitting functionality across packages. | ai | |
| provenance | publisher-changed | AI (provenance): Publisher changed from stormie-bot to GitHub Actions with SLSA provenance attestation — this is a CI/CD migration by the same org (Storm Software), not a hostile takeover. | ai | |
| phantom-deps | phantom-dep:unplugin | AI (phantom-deps): Unplugin is used in plugin configuration; phantom pattern is expected for Rollup plugins. | ai | |
| phantom-deps | phantom-dep:defu | AI (phantom-deps): Phantom dep pattern is expected for build tool plugins; defu is used in config context. | ai | |
| phantom-deps | phantom-dep:rollup | AI (phantom-deps): Rollup is a peer/plugin dependency used in config context; phantom pattern is stable for this package type. | ai | |
| phantom-deps | phantom-dep:powerlines | AI (phantom-deps): Powerlines is the parent framework used in config context; phantom pattern is stable. | ai | |
| phantom-deps | phantom-dep:@stryke/path | AI (phantom-deps): Phantom dep pattern is expected for build tool plugins; used in config context. | ai | |
| phantom-deps | phantom-dep:@stryke/convert | AI (phantom-deps): Phantom dep pattern is expected for build tool plugins; used in config context. | ai | |
| phantom-deps | phantom-dep:@stryke/type-checks | AI (phantom-deps): Phantom dep pattern is expected for build tool plugins; used in config context. | ai | |
| phantom-deps | phantom-dep:jiti | AI (phantom-deps): jiti is a well-known runtime TS loader; declared for config file usage, not a security concern for this package. | ai | |
| phantom-deps | phantom-dep:@powerlines/plugin-babel | AI (phantom-deps): Same org scope (@powerlines); sibling plugin dependency used in config files, not a security concern. | ai | |
| phantom-deps | phantom-dep:@stryke/types | AI (phantom-deps): Same publisher ecosystem (@stryke); type-only dependency declared for config usage, not a security concern. | ai | |
| phantom-deps | phantom-dep:@stryke/fs | AI (phantom-deps): Same publisher ecosystem (@stryke); declared for config file usage, not a security concern. | ai |
Versions (showing 100 of 417)
| Version | Deps | Published |
|---|---|---|
| 0.7.471 | 17 / 2 | |
| 0.7.470 | 17 / 2 | |
| 0.7.469 | 17 / 2 | |
| 0.7.468 | 17 / 2 | |
| 0.7.467 | 17 / 2 | |
| 0.7.466 | 17 / 2 | |
| 0.7.465 | 17 / 2 | |
| 0.7.464 | 17 / 2 | |
| 0.7.463 | 17 / 2 | |
| 0.7.460 | 17 / 2 | |
| 0.7.459 | 17 / 2 | |
| 0.7.458 | 17 / 2 | |
| 0.7.457 | 17 / 2 | |
| 0.7.456 | 17 / 2 | |
| 0.7.454 | 17 / 2 | |
| 0.7.453 | 17 / 2 | |
| 0.7.452 | 17 / 2 | |
| 0.7.451 | 17 / 2 | |
| 0.7.450 | 17 / 2 | |
| 0.7.449 | 17 / 2 | |
| 0.7.448 | 17 / 2 | |
| 0.7.447 | 17 / 2 | |
| 0.7.446 | 17 / 2 | |
| 0.7.445 | 17 / 2 | |
| 0.7.444 | 17 / 2 | |
| 0.7.443 | 17 / 2 | |
| 0.7.442 | 16 / 2 | |
| 0.7.441 | 16 / 2 | |
| 0.7.440 | 16 / 2 | |
| 0.7.439 | 16 / 2 | |
| 0.7.438 | 16 / 2 | |
| 0.7.437 | 16 / 2 | |
| 0.7.436 | 16 / 2 | |
| 0.7.435 | 16 / 2 | |
| 0.7.434 | 16 / 2 | |
| 0.7.433 | 16 / 2 | |
| 0.7.432 | 16 / 2 | |
| 0.7.431 | 16 / 2 | |
| 0.7.430 | 16 / 2 | |
| 0.7.429 | 16 / 2 | |
| 0.7.428 | 16 / 2 | |
| 0.7.427 | 16 / 2 | |
| 0.7.426 | 16 / 2 | |
| 0.7.425 | 16 / 2 | |
| 0.7.424 | 16 / 2 | |
| 0.7.423 | 16 / 2 | |
| 0.7.422 | 16 / 2 | |
| 0.7.421 | 16 / 2 | |
| 0.7.420 | 16 / 2 | |
| 0.7.419 | 16 / 2 | |
| 0.7.418 | 16 / 2 | |
| 0.7.417 | 16 / 2 | |
| 0.7.416 | 16 / 2 | |
| 0.7.415 | 16 / 2 | |
| 0.7.414 | 16 / 2 | |
| 0.7.413 | 16 / 2 | |
| 0.7.412 | 16 / 2 | |
| 0.7.411 | 16 / 2 | |
| 0.7.410 | 16 / 2 | |
| 0.7.409 | 16 / 2 | |
| 0.7.408 | 16 / 2 | |
| 0.7.407 | 16 / 2 | |
| 0.7.406 | 16 / 2 | |
| 0.7.405 | 16 / 2 | |
| 0.7.404 | 16 / 2 | |
| 0.7.402 | 16 / 2 | |
| 0.7.401 | 16 / 2 | |
| 0.7.400 | 16 / 2 | |
| 0.7.399 | 16 / 2 | |
| 0.7.398 | 16 / 2 | |
| 0.7.397 | 16 / 2 | |
| 0.7.396 | 16 / 2 | |
| 0.7.395 | 16 / 2 | |
| 0.7.394 | 16 / 2 | |
| 0.7.393 | 16 / 2 | |
| 0.7.392 | 16 / 2 | |
| 0.7.391 | 16 / 2 | |
| 0.7.390 | 16 / 2 | |
| 0.7.389 | 16 / 2 | |
| 0.7.388 | 16 / 2 | |
| 0.7.387 | 16 / 2 | |
| 0.7.386 | 16 / 2 | |
| 0.7.385 | 16 / 2 | |
| 0.7.384 | 16 / 2 | |
| 0.7.383 | 16 / 2 | |
| 0.7.382 | 16 / 2 | |
| 0.7.381 | 16 / 2 | |
| 0.7.380 | 16 / 2 | |
| 0.7.379 | 16 / 2 | |
| 0.7.378 | 16 / 2 | |
| 0.7.377 | 16 / 2 | |
| 0.7.376 | 16 / 2 | |
| 0.7.375 | 16 / 2 | |
| 0.7.374 | 16 / 2 | |
| 0.7.373 | 16 / 2 | |
| 0.7.372 | 16 / 2 | |
| 0.7.371 | 16 / 2 | |
| 0.7.370 | 16 / 2 | |
| 0.7.369 | 16 / 2 | |
| 0.7.368 | 16 / 2 |
v0.7.471
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.470
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.469
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.468
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.467
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.466
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.465
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.464
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.463
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.460
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.459
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.458
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.457
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.456
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.454
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.453
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.452
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.451
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.450
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.449
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.448
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.447
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.446
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.445
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.444
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.419
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.418
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.417
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.416
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.415
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.414
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.413
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.412
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.411
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.410
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.409
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.408
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.407
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.406
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.405
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.404
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.402
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.401
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.400
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.399
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.398
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.397
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.396
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.395
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.394
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.393
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.392
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.391
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.390
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.389
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.388
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.387
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.386
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.385
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.384
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.383
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.382
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.381
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.380
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.379
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.378
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.377
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.376
2 findingsThis version was published by a different npm account than previous versions on 2026-03-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.375
2 findingsThis version was published by a different npm account than previous versions on 2026-03-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.374
2 findingsThis version was published by a different npm account than previous versions on 2026-03-22. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.373
2 findingsThis version was published by a different npm account than previous versions on 2026-03-22. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.372
2 findingsThis version was published by a different npm account than previous versions on 2026-03-22. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.371
2 findingsThis version was published by a different npm account than previous versions on 2026-03-21. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.370
2 findingsThis version was published by a different npm account than previous versions on 2026-03-19. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.369
2 findingsThis version was published by a different npm account than previous versions on 2026-03-19. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.368
2 findingsThis version was published by a different npm account than previous versions on 2026-03-19. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.