@pulumi/pulumi — Greenflagged

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

joeduffypulumi-bot

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:@pulumi/query	AI (dependencies): First-party Pulumi package; stable dependency across all @pulumi/pulumi versions.	ai	2026/06/05
phantom-deps	phantom-dep:pkg-dir	AI (phantom-deps): Declared but not directly imported; consistent with build/config tooling in this package.	ai	2026/06/04
phantom-deps	phantom-dep:@types/tmp	AI (phantom-deps): @types/* packages are loaded by TypeScript convention; properly declared in dependencies.	ai	2026/04/25
phantom-deps	phantom-dep:package-directory	AI (phantom-deps): package-directory is legitimately declared and used in build/config files; expected for SDK packages.	ai	2026/04/25
phantom-deps	phantom-dep:@types/google-protobuf	AI (phantom-deps): @types/* packages are loaded by TypeScript convention; properly declared in dependencies.	ai	2026/04/25
phantom-deps	phantom-dep:@types/semver	AI (phantom-deps): @types/* packages are loaded by TypeScript convention; properly declared in dependencies.	ai	2026/04/25
phantom-deps	phantom-dep:picomatch	AI (phantom-deps): picomatch is legitimately declared and used in build/config files; expected for SDK packages.	ai	2026/04/25
semgrep	semgrep:dynamic-require	AI (semgrep): Dynamic require is used to load optional peer deps (ts-node, typescript) by name at runtime — a documented pattern for optional peer dependency loading in this SDK.	ai	2026/04/24
semgrep	semgrep:base64-decode	AI (semgrep): getValue_asB64() is standard protobuf API for accessing binary fields over gRPC; not obfuscation or payload hiding.	ai	2026/04/24

Versions (showing 51 of 140)

View all versions

Version	Deps	Published
3.245.0	27 / 22	2026-06-04
3.244.0	27 / 22	2026-05-28
3.243.0	27 / 22	2026-05-22
3.242.0	27 / 22	2026-05-19
3.241.0	27 / 22	2026-05-18
3.239.0	27 / 22	2026-05-14
3.238.0	27 / 22	2026-05-13
3.237.0	27 / 22	2026-05-08
3.236.0	27 / 22	2026-05-07
3.235.0	27 / 22	2026-05-05
3.234.0	27 / 22	2026-05-01
3.233.0	27 / 22	2026-04-30
3.232.0	27 / 22	2026-04-23
3.231.0	27 / 22	2026-04-16
3.230.0	29 / 22	2026-04-08
3.229.0	29 / 22	2026-04-02
3.228.0	29 / 22	2026-03-25
3.227.0	29 / 22	2026-03-19
3.226.0	29 / 22	2026-03-13
3.225.1	29 / 22	2026-03-05
3.225.0	29 / 22	2026-03-04
3.224.0	28 / 22	2026-02-26
3.223.0	28 / 22	2026-02-20
3.222.0	28 / 22	2026-02-19
3.221.0	28 / 22	2026-02-17
3.220.0	28 / 22	2026-02-10
3.219.0	28 / 22	2026-02-05
3.218.0	28 / 22	2026-01-29
3.217.1	28 / 22	2026-01-27
3.217.0	28 / 22	2026-01-23
3.216.0	28 / 22	2026-01-16
3.215.0	28 / 22	2026-01-07
3.214.1	28 / 22	2026-01-03
3.214.0	28 / 22	2025-12-30
3.213.0	28 / 22	2025-12-17
3.212.0	28 / 22	2025-12-12
3.211.0	28 / 22	2025-12-12
3.210.0	28 / 22	2025-12-03
3.209.0	28 / 23	2025-11-26
3.208.0	28 / 23	2025-11-20
3.207.0	28 / 23	2025-11-12
3.206.0	28 / 23	2025-11-05
3.205.0	28 / 23	2025-10-29
3.204.0	28 / 23	2025-10-23
3.203.0	28 / 23	2025-10-16
3.202.0	28 / 23	2025-10-10
3.201.0	28 / 23	2025-10-06
3.200.0	28 / 23	2025-10-03
3.199.0	28 / 23	2025-10-02
3.198.0	28 / 23	2025-09-26
3.197.0	28 / 23	2025-09-17