@powerlines/plugin-rspack
A package containing a Powerlines plugin to build projects using Webpack.
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/powerlines/src/lib/contexts/api-context.cjs | AI (source-diff): Rolldown-minified CJS bundle output; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/lib/contexts/api-context.mjs | AI (source-diff): Rolldown-minified ESM bundle output; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/lib/fs/vfs.cjs | AI (source-diff): Rolldown-minified CJS bundle output; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/internal/helpers/resolve-tsconfig.cjs | AI (source-diff): Rolldown-minified CJS bundle output; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/powerlines/schemas/fs.cjs | AI (source-diff): Rolldown-minified CJS bundle output; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/lib/contexts/environment-context.cjs | AI (source-diff): Rolldown-minified CJS bundle output; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/lib/contexts/context.cjs | AI (source-diff): Rolldown-minified CJS bundle output; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/api.cjs | AI (source-diff): Rolldown-minified CJS bundle output; not obfuscation. | ai | |
| phantom-deps | phantom-dep:@stryke/helpers | AI (phantom-deps): Declared as runtime dep; referenced in config files — stable false positive for this package. | ai | |
| provenance | publisher-changed | AI (provenance): stormie-bot is the org's established bot account with 2775 approved packages; transition from GHA to bot account is expected for this publisher. | ai | |
| phantom-deps | phantom-dep:@stryke/type-checks | AI (phantom-deps): Legitimate utility dependency in Powerlines plugin; declared and used via config, not direct imports. | ai | |
| phantom-deps | phantom-dep:@stryke/path | AI (phantom-deps): Legitimate utility dependency in Powerlines plugin; declared and used via config, not direct imports. | ai | |
| phantom-deps | phantom-dep:@rspack/core | AI (phantom-deps): Legitimate build tool dependency in Rspack plugin; declared and used via config, not direct imports. | ai | |
| phantom-deps | phantom-dep:powerlines | AI (phantom-deps): Core framework dependency for Powerlines plugin; declared and used via config, not direct imports. | ai | |
| phantom-deps | phantom-dep:@stryke/fs | AI (phantom-deps): Legitimate utility dependency in Powerlines plugin; declared and used via config, not direct imports. | ai | |
| phantom-deps | phantom-dep:jiti | AI (phantom-deps): Legitimate config-time dependency in Powerlines plugin; declared and used via config, not direct imports. | ai | |
| phantom-deps | phantom-dep:defu | AI (phantom-deps): Legitimate config-time dependency in Powerlines plugin; declared and used via config, not direct imports. | ai | |
| phantom-deps | phantom-dep:@stryke/types | AI (phantom-deps): Legitimate type utility dependency in Powerlines plugin; declared and used via config, not direct imports. | ai | |
| dependencies | unvetted-dep:@powerlines/core | AI (dependencies): First-party dependency within the same @powerlines namespace/ecosystem published by Storm Software. Expected and stable dependency for this package. | ai | |
| dependencies | unvetted-dep:@stryke/path | AI (dependencies): @stryke/path is a utility package from the same Storm Software ecosystem. Consistent presence across versions; no independent risk signals. | ai |
Versions (showing 100 of 270)
| Version | Deps | Published |
|---|---|---|
| 0.5.578 | 7 / 2 | |
| 0.5.577 | 7 / 2 | |
| 0.5.576 | 7 / 2 | |
| 0.5.575 | 7 / 2 | |
| 0.5.574 | 7 / 2 | |
| 0.5.573 | 7 / 2 | |
| 0.5.572 | 7 / 2 | |
| 0.5.571 | 7 / 2 | |
| 0.5.570 | 7 / 2 | |
| 0.5.569 | 7 / 2 | |
| 0.5.568 | 7 / 2 | |
| 0.5.567 | 7 / 2 | |
| 0.5.566 | 7 / 2 | |
| 0.5.565 | 7 / 2 | |
| 0.5.564 | 7 / 2 | |
| 0.5.563 | 7 / 2 | |
| 0.5.562 | 7 / 2 | |
| 0.5.561 | 7 / 2 | |
| 0.5.560 | 7 / 2 | |
| 0.5.559 | 7 / 2 | |
| 0.5.558 | 7 / 2 | |
| 0.5.557 | 7 / 2 | |
| 0.5.556 | 7 / 2 | |
| 0.5.555 | 7 / 2 | |
| 0.5.554 | 7 / 2 | |
| 0.5.553 | 7 / 2 | |
| 0.5.552 | 7 / 2 | |
| 0.5.551 | 7 / 2 | |
| 0.5.550 | 7 / 2 | |
| 0.5.549 | 7 / 2 | |
| 0.5.548 | 7 / 2 | |
| 0.5.547 | 7 / 2 | |
| 0.5.546 | 7 / 2 | |
| 0.5.545 | 7 / 2 | |
| 0.5.544 | 7 / 2 | |
| 0.5.543 | 7 / 2 | |
| 0.5.542 | 7 / 2 | |
| 0.5.541 | 7 / 2 | |
| 0.5.540 | 7 / 2 | |
| 0.5.539 | 7 / 2 | |
| 0.5.538 | 7 / 2 | |
| 0.5.537 | 7 / 2 | |
| 0.5.536 | 7 / 2 | |
| 0.5.535 | 7 / 2 | |
| 0.5.533 | 7 / 2 | |
| 0.5.532 | 7 / 2 | |
| 0.5.531 | 7 / 2 | |
| 0.5.530 | 7 / 2 | |
| 0.5.529 | 7 / 2 | |
| 0.5.528 | 7 / 2 | |
| 0.5.527 | 7 / 2 | |
| 0.5.526 | 7 / 2 | |
| 0.5.525 | 7 / 2 | |
| 0.5.524 | 7 / 2 | |
| 0.5.523 | 7 / 2 | |
| 0.5.522 | 7 / 2 | |
| 0.5.521 | 7 / 2 | |
| 0.5.520 | 7 / 2 | |
| 0.5.519 | 7 / 2 | |
| 0.5.518 | 7 / 2 | |
| 0.5.517 | 7 / 2 | |
| 0.5.516 | 7 / 2 | |
| 0.5.515 | 7 / 2 | |
| 0.5.514 | 7 / 2 | |
| 0.5.513 | 7 / 2 | |
| 0.5.512 | 7 / 2 | |
| 0.5.511 | 7 / 2 | |
| 0.5.510 | 7 / 2 | |
| 0.5.509 | 7 / 2 | |
| 0.5.500 | 7 / 2 | |
| 0.5.499 | 7 / 2 | |
| 0.5.497 | 7 / 2 | |
| 0.5.496 | 7 / 2 | |
| 0.5.495 | 7 / 2 | |
| 0.5.494 | 7 / 2 | |
| 0.5.493 | 7 / 2 | |
| 0.5.492 | 5 / 2 | |
| 0.5.491 | 5 / 2 | |
| 0.5.490 | 5 / 2 | |
| 0.5.488 | 5 / 2 | |
| 0.5.487 | 5 / 2 | |
| 0.5.486 | 5 / 2 | |
| 0.5.485 | 5 / 2 | |
| 0.5.484 | 5 / 2 | |
| 0.5.483 | 5 / 2 | |
| 0.5.482 | 5 / 2 | |
| 0.5.481 | 5 / 2 | |
| 0.5.480 | 5 / 2 | |
| 0.5.479 | 5 / 2 | |
| 0.5.478 | 5 / 2 | |
| 0.5.477 | 5 / 2 | |
| 0.5.476 | 5 / 2 | |
| 0.5.475 | 5 / 2 | |
| 0.5.474 | 5 / 2 | |
| 0.5.473 | 5 / 2 | |
| 0.5.472 | 5 / 2 | |
| 0.5.471 | 5 / 2 | |
| 0.5.470 | 5 / 2 | |
| 0.5.469 | 5 / 2 | |
| 0.5.468 | 5 / 2 |
v0.5.578
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.577
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.576
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.575
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.574
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.573
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.572
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.571
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.570
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.569
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.568
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.567
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.566
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.565
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.564
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.563
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.562
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.561
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.560
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.559
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.558
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.557
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.556
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.555
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.554
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.553
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.552
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.551
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.550
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.549
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.548
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.547
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.546
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.545
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.544
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.543
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.542
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.541
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.540
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.539
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.538
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.537
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.536
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.535
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.533
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.532
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.531
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.530
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.529
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.528
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.527
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.526
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.525
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.524
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.523
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.522
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.521
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.520
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.519
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.518
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.517
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.516
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.515
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.514
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.513
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.512
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.511
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.510
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.509
2 findingsThis version was published by a different npm account than previous versions on 2026-05-21. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.500
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.499
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.497
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.496
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.495
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.494
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.493
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.492
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.491
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.490
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.488
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.487
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.486
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.485
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.484
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.483
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.482
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.481
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.480
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.479
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.478
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.477
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.476
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.475
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.474
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.473
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.472
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.471
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.470
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.469
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.468
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.