
@secretlint/quick-start

Quick Starter CLI for secretlint.

Versions: 9
License: MIT
Install Scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation; npm registry signatures; No source commit

Maintainers

azu

Keywords

secretlint, cli, node.js

Accepted risks

Findings the reviewer chose to accept rather than block on.

| Source | Rule | Reason | Accepted by | When |
| --- | --- | --- | --- | --- |
| maintainer-change | maintainer-removed | AI (maintainer-change): Secretlint uses GitHub Actions CI publishing; bot account rotation is expected and SLSA provenance confirms CI/CD integrity. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): SLSA provenance attestation via GitHub Actions CI/CD provides strong supply chain integrity; mitigates account-takeover concern. | ai | |
| phantom-deps | phantom-dep:@secretlint/secretlint-rule-preset-recommend | AI (phantom-deps): Same-org dependency declared in package.json and re-exported as part of quick-start bundle; stable false positive for this package. | ai | |

Versions (showing 9 of 9)

Version Deps Published
13.0.2 2 / 3
12.3.1 2 / 3
12.2.0 2 / 3
11.7.1 2 / 3
11.6.0 2 / 3
11.4.1 2 / 3
11.4.0 2 / 3
11.3.1 2 / 3
11.3.0 2 / 3

v13.0.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v12.3.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v12.2.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.7.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.6.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.4.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.4.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.3.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v11.3.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.