@powerlines/plugin-webpack
A package containing a Powerlines plugin to build projects using Webpack.
Supply chain provenance
Status for the latest visible version.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/powerlines/src/lib/contexts/api-context.mjs | AI (source-diff): Rolldown minified bundle output; readable logic, no obfuscation or exfiltration. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/lib/contexts/api-context.cjs | AI (source-diff): Rolldown minified bundle output; readable logic, no obfuscation or exfiltration. | ai | |
| phantom-deps | phantom-dep:@stryke/helpers | AI (phantom-deps): Declared dep used via config/re-export pattern in this monorepo; stable false positive. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/lib/contexts/environment-context.cjs | AI (source-diff): Rolldown-bundled CJS output. Content is readable environment context implementation. SLSA provenance confirmed. | ai | |
| source-diff | obfuscated-file:dist/powerlines/schemas/fs.cjs | AI (source-diff): Rolldown-bundled CJS output implementing Cap'n Proto schema structs. Legitimate build artifact. SLSA provenance confirmed. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/internal/helpers/resolve-tsconfig.cjs | AI (source-diff): Rolldown-bundled CJS output for TypeScript config resolution. Readable, legitimate code. SLSA provenance confirmed. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/lib/fs/vfs.cjs | AI (source-diff): Rolldown-bundled CJS output implementing virtual filesystem. Readable, legitimate code. SLSA provenance confirmed. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/api.cjs | AI (source-diff): Rolldown-bundled CJS output with readable identifiers and legitimate imports. SLSA provenance confirms CI/CD build origin. Standard for this package's build pipeline. | ai | |
| source-diff | obfuscated-file:dist/powerlines/src/lib/contexts/context.cjs | AI (source-diff): Rolldown-bundled CJS output. Content is readable plugin context implementation code. SLSA provenance confirmed. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): unplugin is a well-known plugin framework; addition is semantically consistent with the new ./helpers/unplugin export path. Not a suspicious dependency. | ai | |
| provenance | publisher-changed | AI (provenance): Storm Software migrated publishing from stormie-bot to GitHub Actions with SLSA provenance attestation — a supply chain improvement, not a compromise. Stable for this package. | ai | |
| phantom-deps | phantom-dep:@stryke/types | AI (phantom-deps): Type definitions used in plugin implementation; legitimate for TypeScript-based plugins. | ai | |
| phantom-deps | phantom-dep:webpack | AI (phantom-deps): Webpack is the core framework for this plugin; referenced in config/plugin interface rather than direct imports. | ai | |
| phantom-deps | phantom-dep:jiti | AI (phantom-deps): jiti is used for dynamic imports in webpack plugin configuration; legitimate pattern for build tools. | ai | |
| phantom-deps | phantom-dep:defu | AI (phantom-deps): defu is used for config merging in webpack plugins; referenced in config files rather than direct imports. | ai | |
| phantom-deps | phantom-dep:powerlines | AI (phantom-deps): powerlines is the plugin framework; referenced in plugin interface rather than direct imports. | ai | |
| phantom-deps | phantom-dep:@stryke/fs | AI (phantom-deps): Utility dependency for file operations; referenced in config/plugin logic rather than direct imports. | ai | |
| phantom-deps | phantom-dep:@stryke/path | AI (phantom-deps): Utility dependency for path operations; referenced in config/plugin logic rather than direct imports. | ai | |
| phantom-deps | phantom-dep:@stryke/type-checks | AI (phantom-deps): Utility dependency for type checking; referenced in plugin logic rather than direct imports. | ai | |
| dependencies | unvetted-dep:@powerlines/core | AI (dependencies): @powerlines/core is a first-party dependency from the same Storm Software organization as this package; unvetted status reflects pipeline ordering, not a third-party risk. | ai | |
| dependencies | unvetted-dep:@stryke/path | AI (dependencies): @stryke/path is another Storm Software namespace package; consistent with same-publisher ecosystem dependency, not an external unknown. | ai | |
Versions (showing 100 of 375)
| Version | Deps | Published |
|---|---|---|
| 0.5.467 | 6 / 2 | |
| 0.5.466 | 6 / 2 | |
| 0.5.465 | 6 / 2 | |
| 0.5.464 | 6 / 2 | |
| 0.5.463 | 6 / 2 | |
| 0.5.462 | 6 / 2 | |
| 0.5.461 | 6 / 2 | |
| 0.5.460 | 6 / 2 | |
| 0.5.457 | 5 / 2 | |
| 0.5.456 | 5 / 2 | |
| 0.5.455 | 5 / 2 | |
| 0.5.453 | 5 / 2 | |
| 0.5.452 | 5 / 2 | |
| 0.5.451 | 5 / 2 | |
| 0.5.450 | 5 / 2 | |
| 0.5.449 | 5 / 2 | |
| 0.5.448 | 5 / 2 | |
| 0.5.447 | 5 / 2 | |
| 0.5.446 | 5 / 2 | |
| 0.5.445 | 5 / 2 | |
| 0.5.444 | 5 / 2 | |
| 0.5.443 | 5 / 2 | |
| 0.5.442 | 5 / 2 | |
| 0.5.441 | 4 / 2 | |
| 0.5.440 | 4 / 2 | |
| 0.5.439 | 4 / 2 | |
| 0.5.438 | 4 / 2 | |
| 0.5.437 | 4 / 2 | |
| 0.5.436 | 4 / 2 | |
| 0.5.435 | 4 / 2 | |
| 0.5.434 | 4 / 2 | |
| 0.5.433 | 4 / 2 | |
| 0.5.432 | 4 / 2 | |
| 0.5.431 | 4 / 2 | |
| 0.5.430 | 4 / 2 | |
| 0.5.429 | 4 / 2 | |
| 0.5.428 | 4 / 2 | |
| 0.5.427 | 4 / 2 | |
| 0.5.426 | 4 / 2 | |
| 0.5.425 | 4 / 2 | |
| 0.5.424 | 4 / 2 | |
| 0.5.423 | 4 / 2 | |
| 0.5.422 | 4 / 2 | |
| 0.5.421 | 4 / 2 | |
| 0.5.420 | 4 / 2 | |
| 0.5.419 | 4 / 2 | |
| 0.5.418 | 4 / 2 | |
| 0.5.417 | 4 / 2 | |
| 0.5.416 | 4 / 2 | |
| 0.5.415 | 4 / 2 | |
| 0.5.414 | 4 / 2 | |
| 0.5.413 | 4 / 2 | |
| 0.5.412 | 4 / 2 | |
| 0.5.411 | 4 / 2 | |
| 0.5.410 | 4 / 2 | |
| 0.5.409 | 4 / 2 | |
| 0.5.408 | 4 / 2 | |
| 0.5.407 | 4 / 2 | |
| 0.5.406 | 4 / 2 | |
| 0.5.405 | 4 / 2 | |
| 0.5.404 | 4 / 2 | |
| 0.5.403 | 4 / 2 | |
| 0.5.402 | 4 / 2 | |
| 0.5.401 | 4 / 2 | |
| 0.5.400 | 4 / 2 | |
| 0.5.399 | 4 / 2 | |
| 0.5.398 | 4 / 2 | |
| 0.5.397 | 4 / 2 | |
| 0.5.396 | 4 / 2 | |
| 0.5.395 | 4 / 2 | |
| 0.5.394 | 4 / 2 | |
| 0.5.393 | 4 / 2 | |
| 0.5.392 | 4 / 2 | |
| 0.5.391 | 4 / 2 | |
| 0.5.390 | 4 / 2 | |
| 0.5.389 | 4 / 2 | |
| 0.5.388 | 4 / 2 | |
| 0.5.387 | 4 / 2 | |
| 0.5.386 | 4 / 2 | |
| 0.5.385 | 4 / 2 | |
| 0.5.384 | 4 / 2 | |
| 0.5.383 | 4 / 2 | |
| 0.5.382 | 4 / 2 | |
| 0.5.381 | 4 / 2 | |
| 0.5.380 | 4 / 2 | |
| 0.5.379 | 4 / 2 | |
| 0.5.378 | 4 / 2 | |
| 0.5.377 | 4 / 2 | |
| 0.5.376 | 4 / 2 | |
| 0.5.375 | 4 / 2 | |
| 0.5.374 | 4 / 2 | |
| 0.5.373 | 4 / 2 | |
| 0.5.372 | 4 / 2 | |
| 0.5.371 | 4 / 2 | |
| 0.5.370 | 4 / 2 | |
| 0.5.369 | 4 / 2 | |
| 0.5.368 | 4 / 2 | |
| 0.5.367 | 4 / 2 | |
| 0.5.365 | 4 / 2 | |
| 0.5.364 | 4 / 2 | |
v0.5.467
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.466
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.465
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.464
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.463
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.462
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.461
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.460
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.457
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.456
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.455
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.453
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.452
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.451
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.450
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.449
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.448
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.447
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.446
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.445
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.444
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.443
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.413
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.412
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.411
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.410
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.409
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.408
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.407
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.406
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.405
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.404
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.403
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.402
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.401
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.400
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.399
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.398
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.397
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.396
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.395
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.394
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.393
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.392
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.391
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.390
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.389
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.388
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.387
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.386
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.385
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.384
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.383
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.382
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.381
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.380
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.379
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.378
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.377
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.376
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.375
2 findings
This version was published by a different npm account than previous versions on 2026-03-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.374
2 findings
This version was published by a different npm account than previous versions on 2026-03-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.373
2 findings
This version was published by a different npm account than previous versions on 2026-03-22. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.372
2 findings
This version was published by a different npm account than previous versions on 2026-03-22. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.371
2 findings
This version was published by a different npm account than previous versions on 2026-03-22. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.370
2 findings
This version was published by a different npm account than previous versions on 2026-03-21. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.369
2 findings
This version was published by a different npm account than previous versions on 2026-03-19. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.368
2 findings
This version was published by a different npm account than previous versions on 2026-03-19. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.367
2 findings
This version was published by a different npm account than previous versions on 2026-03-19. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.365
2 findings
This version was published by a different npm account than previous versions on 2026-03-18. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.364
2 findings
This version was published by a different npm account than previous versions on 2026-03-18. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.