
@shell-shock/unified

A package containing a Shell Shock plugin to generate unified built-in modules that display information about the application.

Versions: 13
License: Apache-2.0
Install Scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation, npm registry signatures, gitHead linked

Maintainers

stormie-bot

Keywords

unified, shell-shock, powerlines, storm-software

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source Rule Reason Accepted by When
dependencies unvetted-dep:markdown-it AI (dependencies): markdown-it is a well-established, widely-used markdown parser; stable false positive for this package. ai
source-diff obfuscated-file:dist/html-Q3M4ibUm.cjs AI (source-diff): Standard bundler minification output; code is readable and uses only declared deps with no malicious patterns. ai
source-diff obfuscated-file:dist/html-DzwMMQv6.mjs AI (source-diff): ESM counterpart of the same minified bundle; same reasoning applies. ai
phantom-deps phantom-dep:markdown-it-container AI (phantom-deps): Used as markdown-it plugin loaded via config; not directly imported at module level. ai
phantom-deps phantom-dep:normalize-html-whitespace AI (phantom-deps): Imported in bundled dist output; phantom-dep heuristic misses bundled imports. ai
phantom-deps phantom-dep:markdown-it-task-lists AI (phantom-deps): Same pattern as markdown-it-container; plugin loaded via config. ai
source-diff obfuscated-file:dist/html-Dw6VvFHa.mjs AI (source-diff): ESM counterpart of the same minified bundle; no obfuscation or malicious patterns. ai
source-diff obfuscated-file:dist/html-UjWBxd-n.cjs AI (source-diff): Standard bundler minification output; content is readable HTML-processing logic using declared deps. ai
phantom-deps phantom-dep:markdown-it-footnote AI (phantom-deps): Config-referenced dep; stable FP for this package. ai
phantom-deps phantom-dep:@shell-shock/core AI (phantom-deps): Same org scope; config-driven architecture. ai
phantom-deps phantom-dep:@shell-shock/plugin-theme AI (phantom-deps): Same org scope; config-driven architecture. ai
phantom-deps phantom-dep:@mdit/plugin-alert AI (phantom-deps): Config-driven plugin architecture; deps referenced in config files, not direct imports. ai
phantom-deps phantom-dep:@stryke/type-checks AI (phantom-deps): Config-driven plugin architecture; deps referenced in config files, not direct imports. ai
phantom-deps phantom-dep:@stryke/string-format AI (phantom-deps): Config-driven plugin architecture; deps referenced in config files, not direct imports. ai
phantom-deps phantom-dep:markdown-it AI (phantom-deps): Config-driven plugin architecture; deps referenced in config files, not direct imports. ai
phantom-deps phantom-dep:markdown-it-sub AI (phantom-deps): Config-driven plugin architecture; deps referenced in config files, not direct imports. ai
phantom-deps phantom-dep:markdown-it-sup AI (phantom-deps): Config-driven plugin architecture; deps referenced in config files, not direct imports. ai
phantom-deps phantom-dep:markdown-it-abbr AI (phantom-deps): Config-driven plugin architecture; deps referenced in config files, not direct imports. ai
phantom-deps phantom-dep:markdown-it-mark AI (phantom-deps): Config-driven plugin architecture; deps referenced in config files, not direct imports. ai
phantom-deps phantom-dep:markdown-it-deflist AI (phantom-deps): Config-driven plugin architecture; deps referenced in config files, not direct imports. ai
phantom-deps phantom-dep:markdown-it-ins AI (phantom-deps): Config-driven plugin architecture; deps referenced in config files, not direct imports. ai
phantom-deps phantom-dep:chalk-string AI (phantom-deps): Config-driven plugin architecture; deps referenced in config files, not direct imports. ai
phantom-deps phantom-dep:terminal-size AI (phantom-deps): Config-driven plugin architecture; deps referenced in config files, not direct imports. ai
phantom-deps phantom-dep:he AI (phantom-deps): Config-driven plugin architecture; deps referenced in config files, not direct imports. ai
phantom-deps phantom-dep:defu AI (phantom-deps): Config-driven plugin architecture; deps referenced in config files, not direct imports. ai
phantom-deps phantom-dep:parse5 AI (phantom-deps): Config-driven plugin architecture; deps referenced in config files, not direct imports. ai
phantom-deps phantom-dep:wrap-ansi AI (phantom-deps): Config-driven plugin architecture; deps referenced in config files, not direct imports. ai
phantom-deps phantom-dep:powerlines AI (phantom-deps): Config-driven plugin architecture; deps referenced in config files, not direct imports. ai
phantom-deps phantom-dep:@stryke/path AI (phantom-deps): Config-driven plugin architecture; deps referenced in config files, not direct imports. ai

Versions (showing 13 of 13)

Version Deps Published
0.2.8 25 / 2
0.2.6 25 / 2
0.2.5 25 / 2
0.2.4 25 / 2
0.2.3 25 / 2
0.2.2 25 / 2
0.2.1 25 / 2
0.2.0 25 / 2
0.1.4 24 / 2
0.1.3 24 / 2
0.1.2 6 / 2
0.1.1 6 / 2
0.1.0 6 / 2

v0.2.8

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.6

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.5

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.4

3 findings
HIGH New obfuscated file: dist/html-Q3M4ibUm.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/html-DzwMMQv6.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.1

3 findings
HIGH New obfuscated file: dist/html-UjWBxd-n.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/html-Dw6VvFHa.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.0

3 findings
HIGH New obfuscated file: dist/html-UjWBxd-n.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/html-Dw6VvFHa.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.