@sap-devx/inquirer-gui Apache-2.0 2 versions

@sap-devx/inquirer-gui

npm Repository Homepage

Inquirer Graphical User Interface

Versions

Apache-2.0

License

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

shaharsrima.sirichsap-ospo-admin

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:lodash	AI (phantom-deps): Build bundle pattern; lodash used transitively or in config, stable false positive for this package.	ai	2026/05/14
phantom-deps	phantom-dep:vuetify	AI (phantom-deps): Vue UI framework referenced in build config; stable false positive for this package.	ai	2026/05/14
phantom-deps	phantom-dep:strip-ansi	AI (phantom-deps): Utility used in build/config context; stable false positive for this package.	ai	2026/05/14
phantom-deps	phantom-dep:@vscode-elements/elements	AI (phantom-deps): VS Code UI component dep referenced in config; stable false positive for this package.	ai	2026/05/14

Version	Deps	Published
3.4.11	5 / 18	2026-06-04
3.4.10	5 / 18	2026-04-28

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.