@shopify/cli-kit — Greenflagged

A set of utilities, interfaces, and models that are common across all the platform features

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

jaimie.wayshopify-adminshopify-depmishsmellebuitammychris.craig

Keywords

shopifyshopify-clishopify-partners

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:commondir	AI (dependencies): [email protected] is a stable, widely-used utility with no known issues; safe for this package.	ai	2026/05/22
phantom-deps	phantom-dep:graphql	AI (phantom-deps): graphql is a declared runtime dep used via graphql-request; phantom-dep heuristic false positive.	ai	2026/05/22
phantom-deps	phantom-dep:is-executable	AI (phantom-deps): is-executable is a declared runtime dep; phantom-dep heuristic false positive for this monorepo package.	ai	2026/05/22
phantom-deps	phantom-dep:@types/archiver	AI (phantom-deps): @types/archiver is a declared dep used alongside archiver; framework-scoped type package, stable false positive.	ai	2026/05/22
dependencies	unvetted-dep:network-interfaces	AI (dependencies): Standard network utility; expected in a CLI toolkit.	ai	2026/04/29
bogus-package	bogus-package	AI (bogus-package): Large Shopify monorepo package; empty toml entry point is a minimal re-export, README links are docs/community links, not phishing.	ai	2026/04/29
dependencies	unvetted-dep:node-abort-controller	AI (dependencies): Standard polyfill utility; expected in a CLI toolkit targeting Node 20+.	ai	2026/04/29
dependencies	unvetted-dep:@shopify/toml-patch	AI (dependencies): First-party Shopify dependency; consistent with this package's scope.	ai	2026/04/29
dependencies	unvetted-dep:color-json	AI (dependencies): Legitimate CLI utility dep; consistent with Shopify CLI toolkit usage.	ai	2026/04/29
dependencies	unvetted-dep:macaddress	AI (dependencies): Standard network utility; expected in a CLI toolkit for telemetry/device identification.	ai	2026/04/29
dependencies	unvetted-dep:is-executable	AI (dependencies): Standard filesystem utility; expected in a CLI toolkit.	ai	2026/04/29

Versions (showing 42 of 42)

Version	Deps	Published
4.1.0	56 / 12	2026-05-27
4.0.0	56 / 12	2026-05-21
3.94.3	56 / 12	2026-04-28
3.93.1	62 / 13	2026-04-06
3.88.0	64 / 14	2025-12-03
3.87.4	64 / 14	2025-11-14
3.87.3	64 / 14	2025-11-13
3.87.2	64 / 14	2025-11-12
3.87.1	64 / 14	2025-11-10
3.87.0	64 / 14	2025-11-06
3.86.1	64 / 14	2025-10-20
3.86.0	64 / 14	2025-10-17
3.85.5	64 / 14	2025-10-07
3.85.4	64 / 14	2025-09-30
3.85.3	64 / 14	2025-09-30
3.85.2	64 / 14	2025-09-26
3.85.1	64 / 14	2025-09-26
3.85.0	64 / 14	2025-09-25
3.84.2	64 / 14	2025-09-19
3.84.1	64 / 14	2025-08-29
3.84.0	64 / 14	2025-08-21
3.83.3	64 / 14	2025-08-06
3.83.2	64 / 14	2025-08-01
3.83.1	64 / 14	2025-07-28
3.83.0	64 / 14	2025-07-23
3.82.1	64 / 14	2025-07-11
3.82.0	64 / 14	2025-07-01
3.81.2	64 / 14	2025-06-13
3.81.1	64 / 14	2025-06-13
3.81.0	64 / 14	2025-06-11
3.80.7	64 / 14	2025-05-22
3.80.6	64 / 14	2025-05-21
3.80.5	64 / 14	2025-05-21
3.80.4	64 / 14	2025-05-21
3.80.3	64 / 14	2025-05-21
3.80.2	64 / 14	2025-05-21
3.80.1	64 / 14	2025-05-19
3.80.0	64 / 14	2025-05-16
3.79.2	63 / 13	2025-05-14
3.79.1	63 / 13	2025-05-07
3.79.0	63 / 13	2025-05-02
3.78.2	62 / 13	2025-04-28