@proofkit/cli
Create web application with the ProofKit stack
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:env-spread | AI (semgrep): Passing process.env to spawnSync is standard CLI child-process pattern, not exfiltration. | ai | |
| semgrep | semgrep:shady-links-raw-ip | AI (semgrep): Raw IP is 127.0.0.1 (localhost default) in a template file; not a malicious remote endpoint. | ai | |
| phantom-deps | phantom-dep:@clack/core | AI (phantom-deps): Referenced in config files; CLI tool pattern, stable false positive. | ai | |
| typosquat | typosquat.levenshtein:joi | AI (typosquat): Scoped package @proofkit/cli is unrelated to joi; Levenshtein match is a false positive for this namespace. | ai | |
| phantom-deps | phantom-dep:@ianvs/prettier-plugin-sort-imports | AI (phantom-deps): Prettier plugin loaded via config convention, not direct import; stable false positive. | ai | |
| phantom-deps | phantom-dep:@types/glob | AI (phantom-deps): Type-only package loaded by framework convention; stable false positive. | ai | |
| phantom-deps | phantom-dep:jiti | AI (phantom-deps): CLI tooling commonly uses jiti for config loading by convention; stable false positive. | ai | |
Versions (showing 7 of 7)
| Version | Deps | Published |
|---|---|---|
| 2.0.7 | 0 / 72 | |
| 2.0.6 | 0 / 72 | |
| 2.0.5 | 0 / 72 | |
| 2.0.4 | 0 / 72 | |
| 2.0.3 | 0 / 72 | |
| 1.1.6 | 25 / 37 | |
| 1.1.5 | 25 / 36 | |
v2.0.7
2 findings

Spreading entire process.env into an object — may capture all secrets

```js
const result = spawnSync(command, args, {
  stdio: "inherit",
  env: {                                       // flagged line: entire parent environment is inherited
    ...process.env,
    PROOFKIT_PKG_ROOT: path.resolve(__dirname, ".."),
  },
});
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.0.6
2 findings

Spreading entire process.env into an object — may capture all secrets

```js
const result = spawnSync(command, args, {
  stdio: "inherit",
  env: {                                       // flagged line: entire parent environment is inherited
    ...process.env,
    PROOFKIT_PKG_ROOT: path.resolve(__dirname, ".."),
  },
});
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.0.5
2 findings

Spreading entire process.env into an object — may capture all secrets

```js
const result = spawnSync(command, args, {
  stdio: "inherit",
  env: {                                       // flagged line: entire parent environment is inherited
    ...process.env,
    PROOFKIT_PKG_ROOT: path.resolve(__dirname, ".."),
  },
});
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.0.4
2 findings

Spreading entire process.env into an object — may capture all secrets

```js
const result = spawnSync(command, args, {
  stdio: "inherit",
  env: {                                       // flagged line: entire parent environment is inherited
    ...process.env,
    PROOFKIT_PKG_ROOT: path.resolve(__dirname, ".."),
  },
});
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.0.3
2 findings

Spreading entire process.env into an object — may capture all secrets

```js
const result = spawnSync(command, args, {
  stdio: "inherit",
  env: {                                       // flagged line: entire parent environment is inherited
    ...process.env,
    PROOFKIT_PKG_ROOT: path.resolve(__dirname, ".."),
  },
});
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.6
1 finding

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.5
1 finding

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.