@sarxina/chatgod-js
Twitch chat + redeem manager with TTS, OBS control, and a React frontend
4
Versions
ISC
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
gitHead linked
Maintainers
sarxina
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@twurple/auth | AI (phantom-deps): Twurple auth is a core dep for Twitch integration; phantom detection is a false positive for this package structure. | ai | |
| phantom-deps | phantom-dep:@twurple/chat | AI (phantom-deps): Twurple chat is a core dep for Twitch chat management; false positive. | ai | |
| phantom-deps | phantom-dep:react | AI (phantom-deps): react is used in src/client subdirectory; phantom-dep fires because it's not imported in the server-side entry point. | ai | |
| phantom-deps | phantom-dep:react-dom | AI (phantom-deps): react-dom is used in src/client subdirectory; same monorepo structure explains the false positive. | ai | |
| phantom-deps | phantom-dep:socket.io-client | AI (phantom-deps): socket.io-client is used in the React client subdirectory, not the server entry point. | ai |
Versions (showing 4 of 4)
| Version | Deps | Published |
|---|---|---|
| 0.1.7 | 12 / 8 | |
| 0.1.2 | 12 / 9 | |
| 0.1.1 | 12 / 9 | |
| 0.1.0 | 11 / 9 |
v0.1.7
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.