@powerlines/plugin-webpack

A package containing a Powerlines plugin to build projects using Webpack.

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

stormie-botsullivanpj

Keywords

webpackpowerlinesstorm-softwarepowerlines-plugin

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:dist/powerlines/src/lib/contexts/api-context.mjs	AI (source-diff): Rolldown minified bundle output; readable logic, no obfuscation or exfiltration.	ai	2026/05/13
source-diff	obfuscated-file:dist/powerlines/src/lib/contexts/api-context.cjs	AI (source-diff): Rolldown minified bundle output; readable logic, no obfuscation or exfiltration.	ai	2026/05/13
phantom-deps	phantom-dep:@stryke/helpers	AI (phantom-deps): Declared dep used via config/re-export pattern in this monorepo; stable false positive.	ai	2026/05/13
source-diff	obfuscated-file:dist/powerlines/src/lib/contexts/environment-context.cjs	AI (source-diff): Rolldown-bundled CJS output. Content is readable environment context implementation. SLSA provenance confirmed.	ai	2026/04/27
source-diff	obfuscated-file:dist/powerlines/schemas/fs.cjs	AI (source-diff): Rolldown-bundled CJS output implementing Cap'n Proto schema structs. Legitimate build artifact. SLSA provenance confirmed.	ai	2026/04/27
source-diff	obfuscated-file:dist/powerlines/src/internal/helpers/resolve-tsconfig.cjs	AI (source-diff): Rolldown-bundled CJS output for TypeScript config resolution. Readable, legitimate code. SLSA provenance confirmed.	ai	2026/04/27
source-diff	obfuscated-file:dist/powerlines/src/lib/fs/vfs.cjs	AI (source-diff): Rolldown-bundled CJS output implementing virtual filesystem. Readable, legitimate code. SLSA provenance confirmed.	ai	2026/04/27
source-diff	obfuscated-file:dist/powerlines/src/api.cjs	AI (source-diff): Rolldown-bundled CJS output with readable identifiers and legitimate imports. SLSA provenance confirms CI/CD build origin. Standard for this package's build pipeline.	ai	2026/04/27
source-diff	obfuscated-file:dist/powerlines/src/lib/contexts/context.cjs	AI (source-diff): Rolldown-bundled CJS output. Content is readable plugin context implementation code. SLSA provenance confirmed.	ai	2026/04/27
publish-pattern	new-deps-added	AI (publish-pattern): unplugin is a well-known plugin framework; addition is semantically consistent with the new ./helpers/unplugin export path. Not a suspicious dependency.	ai	2026/04/27
provenance	publisher-changed	AI (provenance): Storm Software migrated publishing from stormie-bot to GitHub Actions with SLSA provenance attestation — a supply chain improvement, not a compromise. Stable for this package.	ai	2026/04/27
phantom-deps	phantom-dep:@stryke/types	AI (phantom-deps): Type definitions used in plugin implementation; legitimate for TypeScript-based plugins.	ai	2026/04/27
phantom-deps	phantom-dep:webpack	AI (phantom-deps): Webpack is the core framework for this plugin; referenced in config/plugin interface rather than direct imports.	ai	2026/04/27
phantom-deps	phantom-dep:jiti	AI (phantom-deps): jiti is used for dynamic imports in webpack plugin configuration; legitimate pattern for build tools.	ai	2026/04/27
phantom-deps	phantom-dep:defu	AI (phantom-deps): defu is used for config merging in webpack plugins; referenced in config files rather than direct imports.	ai	2026/04/27
phantom-deps	phantom-dep:powerlines	AI (phantom-deps): powerlines is the plugin framework; referenced in plugin interface rather than direct imports.	ai	2026/04/27
phantom-deps	phantom-dep:@stryke/fs	AI (phantom-deps): Utility dependency for file operations; referenced in config/plugin logic rather than direct imports.	ai	2026/04/27
phantom-deps	phantom-dep:@stryke/path	AI (phantom-deps): Utility dependency for path operations; referenced in config/plugin logic rather than direct imports.	ai	2026/04/27
phantom-deps	phantom-dep:@stryke/type-checks	AI (phantom-deps): Utility dependency for type checking; referenced in plugin logic rather than direct imports.	ai	2026/04/27
dependencies	unvetted-dep:@powerlines/core	AI (dependencies): @powerlines/core is a first-party dependency from the same Storm Software organization as this package; unvetted status reflects pipeline ordering, not a third-party risk.	ai	2026/04/25
dependencies	unvetted-dep:@stryke/path	AI (dependencies): @stryke/path is another Storm Software namespace package; consistent with same-publisher ecosystem dependency, not an external unknown.	ai	2026/04/25

Versions (showing 51 of 363)

View all versions

Version	Deps	Published
0.5.578	7 / 2	2026-06-05
0.5.577	7 / 2	2026-06-05
0.5.576	7 / 2	2026-06-05
0.5.575	7 / 2	2026-06-03
0.5.574	7 / 2	2026-06-03
0.5.573	7 / 2	2026-06-03
0.5.572	7 / 2	2026-06-03
0.5.571	7 / 2	2026-06-03
0.5.570	7 / 2	2026-06-03
0.5.569	7 / 2	2026-06-03
0.5.568	7 / 2	2026-06-03
0.5.567	7 / 2	2026-06-03
0.5.566	7 / 2	2026-06-03
0.5.565	7 / 2	2026-06-03
0.5.564	7 / 2	2026-06-03
0.5.563	7 / 2	2026-06-03
0.5.562	7 / 2	2026-06-02
0.5.561	7 / 2	2026-06-02
0.5.560	7 / 2	2026-06-02
0.5.559	7 / 2	2026-06-02
0.5.558	7 / 2	2026-06-02
0.5.557	7 / 2	2026-06-02
0.5.556	7 / 2	2026-06-01
0.5.555	7 / 2	2026-06-01
0.5.554	7 / 2	2026-06-01
0.5.553	7 / 2	2026-06-01
0.5.552	7 / 2	2026-06-01
0.5.551	7 / 2	2026-06-01
0.5.550	7 / 2	2026-06-01
0.5.549	7 / 2	2026-06-01
0.5.548	7 / 2	2026-05-31
0.5.547	7 / 2	2026-05-31
0.5.546	7 / 2	2026-05-31
0.5.545	7 / 2	2026-05-31
0.5.544	7 / 2	2026-05-31
0.5.543	7 / 2	2026-05-30
0.5.542	7 / 2	2026-05-30
0.5.541	7 / 2	2026-05-30
0.5.540	7 / 2	2026-05-30
0.5.539	7 / 2	2026-05-30
0.5.538	7 / 2	2026-05-30
0.5.537	7 / 2	2026-05-28
0.5.536	7 / 2	2026-05-28
0.5.535	7 / 2	2026-05-28
0.5.533	7 / 2	2026-05-28
0.5.532	7 / 2	2026-05-28
0.5.531	7 / 2	2026-05-27
0.5.530	7 / 2	2026-05-27
0.5.529	7 / 2	2026-05-27
0.5.528	7 / 2	2026-05-27
0.5.527	7 / 2	2026-05-27