@saxon-he/cli
Wrapper de Saxon-HE para transformaciones XSLT en Node.js
1
Versions
MIT
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
gitHead linked
Maintainers
alym
Keywords
saxonxslttransformacioncadena originalcfdisatjavaclinodetypescript
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| typosquat | typosquat.levenshtein:joi | AI (typosquat): Scoped package @saxon-he/cli is a Saxon-HE XSLT wrapper with 537 days of history and 12 versions. Levenshtein match to 'joi' is purely coincidental; no impersonation intent. | ai | |
| phantom-deps | phantom-dep:@esm2cjs/execa | AI (phantom-deps): Dependency is declared in package.json and used indirectly via config; phantom-dep flag is a false positive for this package's build setup. | ai |
Versions (showing 1 of 1)
| Version | Deps | Published |
|---|---|---|
| 12.5.2 | 1 / 11 |
v12.5.2
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.