← Home

@powerlines/plugin-tsdown

npm Repository Homepage

A package containing a Powerlines plugin to assist in developing other Powerlines plugins.

6
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

stormie-botsullivanpj

Keywords

tsdownpowerlinesstorm-softwarepowerlines-plugin

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
phantom-deps phantom-dep:@stryke/helpers AI (phantom-deps): Declared as runtime dep; referenced in config files per finding — stable false positive for this package. ai
phantom-deps phantom-dep:@stryke/convert AI (phantom-deps): Declared as runtime dep; referenced in config files per finding — stable false positive for this package. ai
phantom-deps phantom-dep:powerlines AI (phantom-deps): Core plugin dependency; used through plugin system rather than direct imports. ai
phantom-deps phantom-dep:@stryke/type-checks AI (phantom-deps): Declared dependency used in plugin configuration; stable for this package. ai
phantom-deps phantom-dep:@stryke/path AI (phantom-deps): Declared dependency used in plugin configuration; stable for this package. ai
phantom-deps phantom-dep:defu AI (phantom-deps): Declared dependency used in plugin configuration; legitimate for plugin architecture. ai
phantom-deps phantom-dep:@powerlines/plugin-rolldown AI (phantom-deps): Same-org package declared as dependency but not directly imported; consistent with monorepo peer/type usage patterns for this package family. ai

Versions (showing 6 of 518)

Version Deps Published
0.1.5 6 / 3
0.1.4 6 / 3
0.1.3 6 / 3
0.1.2 6 / 3
0.1.1 6 / 3
0.1.0 6 / 3

v0.1.5

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.