@rexeus/typeweaver
🧵✨ Typeweaver CLI. Entry point into the Typeweaver framework to scaffold, validate, and generate API assets.
Supply chain provenance
Status for the latest visible version.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@rexeus/typeweaver-openapi | AI (phantom-deps): Same-org sibling package, consistent with other accepted phantom-dep findings for this package. | ai | |
| source-diff | obfuscated-file:dist/cli-D5DHO8r6.js | AI (source-diff): Main CLI bundle; readable code using commander/ejs/fs, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/cli-Nz3HYFYF.js | AI (source-diff): Main CLI bundle; readable imports and logic visible in sample, standard pkgroll output. | ai | |
| source-diff | obfuscated-file:dist/cli-BZCmysZl.js | AI (source-diff): CLI bundle built by pkgroll; readable imports and logic visible in sample. | ai | |
| source-diff | obfuscated-file:dist/cli-CaJhPgaT.js | AI (source-diff): Main CLI bundle; readable application logic, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/html-BwjSBi_v.js | AI (source-diff): Minified prettier html plugin bundle; expected artifact. | ai | |
| source-diff | obfuscated-file:dist/glimmer-DiXjs4DB.js | AI (source-diff): Minified prettier glimmer plugin bundle; expected artifact. | ai | |
| source-diff | obfuscated-file:dist/flow-DgzFy9Js.js | AI (source-diff): Minified prettier flow plugin bundle; expected artifact. | ai | |
| source-diff | obfuscated-file:dist/estree-BfVT8G2n.js | AI (source-diff): Minified prettier estree plugin bundle; expected artifact. | ai | |
| source-diff | obfuscated-file:dist/cli-Cin8VieP.js | AI (source-diff): Minified CLI bundle; code sample shows standard commander/fs/ejs usage, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/babel-DNmSIBHM.js | AI (source-diff): Minified Rollup bundle of @babel/parser; expected artifact for this CLI tool. | ai | |
| source-diff | obfuscated-file:dist/acorn-CJ4HNU11.js | AI (source-diff): Minified Rollup bundle of acorn/JSX parser; expected artifact for this CLI tool. | ai | |
| source-diff | obfuscated-file:dist/typescript-DDNbhgng.js | AI (source-diff): Minified TypeScript parser bundle; expected artifact. | ai | |
| source-diff | obfuscated-file:dist/meriyah-CbAY3E55.js | AI (source-diff): Minified meriyah parser bundle; expected artifact. | ai | |
| source-diff | obfuscated-file:dist/markdown-DWIPYE8e.js | AI (source-diff): Minified prettier markdown plugin bundle; expected artifact. | ai | |
| source-diff | obfuscated-file:dist/flow-q2wMXrDa.js | AI (source-diff): Bundled flow/parser library (recognizable AST node names); minified third-party dependency, not malicious. | ai | |
| source-diff | obfuscated-file:dist/cli-Cz6q9I7F.js | AI (source-diff): Standard pkgroll bundle output; samples show legitimate CLI/generator code, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/glimmer-wgjvri6H.js | AI (source-diff): Bundled prettier glimmer plugin; sample shows standard prettier doc IR code. | ai | |
| source-diff | obfuscated-file:dist/markdown-Nz6Lc3gB.js | AI (source-diff): Bundled prettier markdown plugin; sample shows remark tokenizer internals. | ai | |
| source-diff | obfuscated-file:dist/typescript-Cv79a1Qz.js | AI (source-diff): Bundled prettier TypeScript plugin; sample shows TS parser version string and AST utilities. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): ejs is a well-established templating library matching the new template-generation feature. | ai | |
| source-diff | obfuscated-file:dist/markdown-Xi16tYTk.js | AI (source-diff): Minified markdown library bundle; standard rollup output, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/cli-CteKWdCY.js | AI (source-diff): Hashed-chunk bundler output (pkgroll/rollup); readable imports and class definitions, not obfuscated. | ai | |
| source-diff | net-exec-file:dist/cli-AH4H-B8Q.mjs | AI (source-diff): CLI bundle using oxc-transform for TS compilation; no actual network fetch or dropper behavior in sampled code. | ai | |
| source-diff | net-exec-file:dist/cli-gJQliCVf.mjs | AI (source-diff): CLI bundle uses dynamic import() for optional oxfmt formatter; no remote code fetch or eval present. | ai | |
| source-diff | net-exec-file:dist/cli.mjs | AI (source-diff): Same CLI bundle; plugin loader pattern is legitimate for this package. | ai | |
| source-diff | source-size-dropped | AI (source-diff): Code moved to sub-packages (@rexeus/typeweaver-*); size drop is expected refactor artifact. | ai | |
| source-diff | net-exec-file:dist/cli-Cs-6XYwL.mjs | AI (source-diff): CLI tool using dynamic import for user-supplied plugins; no malicious network+eval pattern present. | ai | |
| phantom-deps | phantom-dep:@rexeus/typeweaver-server | AI (phantom-deps): Monorepo sub-package; CLI entry-point re-exports rather than directly imports it. | ai | |
| phantom-deps | phantom-dep:oxc-transform | AI (phantom-deps): Referenced in build config files; stable false positive for this bundler-using package. | ai | |
| phantom-deps | phantom-dep:@rexeus/typeweaver-clients | AI (phantom-deps): Monorepo sub-package; CLI entry-point re-exports rather than directly imports it. | ai | |
| phantom-deps | phantom-dep:@rexeus/typeweaver-aws-cdk | AI (phantom-deps): Monorepo sub-package; CLI entry-point re-exports rather than directly imports it. | ai | |
| phantom-deps | phantom-dep:@rexeus/typeweaver-hono | AI (phantom-deps): Monorepo sub-package; CLI entry-point re-exports rather than directly imports it. | ai | |
Versions (showing 33 of 33)
| Version | Deps | Published |
|---|---|---|
| 0.12.0 | 11 / 3 | |
| 0.11.0 | 10 / 3 | |
| 0.10.5 | 10 / 3 | |
| 0.10.4 | 10 / 3 | |
| 0.10.3 | 10 / 3 | |
| 0.10.2 | 10 / 3 | |
| 0.10.1 | 10 / 3 | |
| 0.10.0 | 10 / 3 | |
| 0.9.2 | 12 / 3 | |
| 0.9.1 | 12 / 3 | |
| 0.9.0 | 12 / 3 | |
| 0.8.0 | 11 / 3 | |
| 0.7.0 | 11 / 3 | |
| 0.6.5 | 11 / 3 | |
| 0.6.4 | 10 / 3 | |
| 0.6.3 | 10 / 3 | |
| 0.6.2 | 10 / 3 | |
| 0.6.1 | 10 / 3 | |
| 0.6.0 | 10 / 3 | |
| 0.5.1 | 10 / 4 | |
| 0.5.0 | 9 / 4 | |
| 0.4.2 | 9 / 5 | |
| 0.4.1 | 9 / 5 | |
| 0.4.0 | 9 / 5 | |
| 0.2.1 | 3 / 10 | |
| 0.2.0 | 3 / 10 | |
| 0.1.2 | 3 / 10 | |
| 0.1.1 | 3 / 10 | |
| 0.1.0 | 3 / 10 | |
| 0.0.4 | 3 / 10 | |
| 0.0.3 | 3 / 9 | |
| 0.0.2 | 2 / 9 | |
| 0.0.1 | 2 / 9 | |
v0.12.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.5
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.4
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.3
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.2
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.9.2
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.9.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.9.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.0
3 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.5
3 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.4
3 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.3
3 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.2
3 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.1
3 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.0
3 findings
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.2
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.1
11 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.0
11 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.2
11 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.1
11 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.0
11 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.4
6 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.3
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.2
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.1
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.