@sigmashake/ssg
AI Agent Governance CLI — evaluate tool calls against rules, block dangerous operations, and surface blocked commands
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | rapid-publish | AI (publish-pattern): 268 versions published via automated CI pipeline; rapid publish is the established release pattern. | ai | |
| phantom-deps | phantom-dep:re2 | AI (phantom-deps): re2 is a declared runtime dep used by native bindings; phantom-dep heuristic false positive here. | ai | |
| install-scripts | install-script:postinstall | AI (install-scripts): Postinstall runs a local cleanup script, not a network fetch; consistent with CLI tool setup. | ai | |
| typosquat | typosquat.levenshtein:pg | AI (typosquat): Scoped package @sigmashake/ssg; no plausible squatting of 'pg' — name similarity is coincidental. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): CLI tool that spawns subprocesses; child_process usage is core to its documented functionality. | ai | |
| semgrep | semgrep:env-spread | AI (semgrep): env-spread is used to pass process.env to a subprocess with an added path variable — standard CLI subprocess spawning pattern. | ai | |
| typosquat | typosquat.levenshtein:qs | AI (typosquat): Scoped package @sigmashake/ssg; no plausible squatting of 'qs' — name similarity is coincidental. | ai | |
Versions (showing 29 of 29)
| Version | Deps | Published |
|---|---|---|
| 0.29.150 | 0 / 22 | |
| 0.29.30 | 0 / 26 | |
| 0.29.2 | 0 / 26 | |
| 0.28.1 | 0 / 26 | |
| 0.27.13 | 0 / 26 | |
| 0.25.1 | 0 / 26 | |
| 0.23.0 | 1 / 25 | |
| 0.13.6 | 1 / 24 | |
| 0.12.6 | 0 / 24 | |
| 0.12.5 | 0 / 24 | |
| 0.12.4 | 0 / 24 | |
| 0.12.3 | 0 / 24 | |
| 0.12.2 | 0 / 24 | |
| 0.12.1 | 0 / 24 | |
| 0.12.0 | 0 / 24 | |
| 0.11.0 | 0 / 12 | |
| 0.10.0 | 0 / 12 | |
| 0.9.2 | 0 / 12 | |
| 0.9.1 | 0 / 12 | |
| 0.9.0 | 0 / 12 | |
| 0.8.1 | 0 / 12 | |
| 0.8.0 | 0 / 12 | |
| 0.7.1 | 0 / 12 | |
| 0.7.0 | 0 / 12 | |
| 0.6.5 | 0 / 12 | |
| 0.6.4 | 0 / 12 | |
| 0.6.3 | 0 / 12 | |
| 0.6.2 | 0 / 12 | |
| 0.6.1 | 0 / 12 | |
v0.29.150
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.29.2
3 findings:

Script: `node ./bin/cleanup-globals.cjs`

Spreading entire process.env into an object — may capture all secrets. Source: https://github.com/sigmashakeinc/ssg/blob/420fd326f9f32ecf12cad238d8320ee39ccf1613/bin/ssg.cjs#L49

```js
  47 | // 3. Run binary if found
  48 | if (binaryPath) {
> 49 |   const env = { ...process.env, SSG_PUBLIC_DIR: path.resolve(__dirname, '..', 'public') };
  50 |   if (hookBinPath) env['SSG_HOOK_FAST_BIN'] = hookBinPath;
  51 |   if (evalServerBinPath) env['SSG_EVAL_SERVER_BIN'] = evalServerBinPath;
```

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.28.1
3 findings:

Script: `node ./bin/cleanup-globals.cjs`

Spreading entire process.env into an object — may capture all secrets. Source: https://github.com/sigmashakeinc/ssg/blob/66efe4d5a9c9b87a1cc0579268a11840346a97ee/bin/ssg.cjs#L49

```js
  47 | // 3. Run binary if found
  48 | if (binaryPath) {
> 49 |   const env = { ...process.env, SSG_PUBLIC_DIR: path.resolve(__dirname, '..', 'public') };
  50 |   if (hookBinPath) env['SSG_HOOK_FAST_BIN'] = hookBinPath;
  51 |   if (evalServerBinPath) env['SSG_EVAL_SERVER_BIN'] = evalServerBinPath;
```

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.27.13
3 findings:

Script: `node ./bin/cleanup-globals.cjs`

Spreading entire process.env into an object — may capture all secrets. Source: https://github.com/sigmashakeinc/ssg/blob/435db6c3e00a0d0b759e68fb1388d4f1537e9a8c/bin/ssg.cjs#L49

```js
  47 | // 3. Run binary if found
  48 | if (binaryPath) {
> 49 |   const env = { ...process.env, SSG_PUBLIC_DIR: path.resolve(__dirname, '..', 'public') };
  50 |   if (hookBinPath) env['SSG_HOOK_FAST_BIN'] = hookBinPath;
  51 |   if (evalServerBinPath) env['SSG_EVAL_SERVER_BIN'] = evalServerBinPath;
```

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.1
3 findings:

Script: `node ./bin/cleanup-globals.cjs`

Spreading entire process.env into an object — may capture all secrets. Source: https://github.com/sigmashakeinc/ssg/blob/6d7fe88f21e31f5fda882fa4c7701ea8f335566a/bin/ssg.cjs#L49

```js
  47 | // 3. Run binary if found
  48 | if (binaryPath) {
> 49 |   const env = { ...process.env, SSG_PUBLIC_DIR: path.resolve(__dirname, '..', 'public') };
  50 |   if (hookBinPath) env['SSG_HOOK_FAST_BIN'] = hookBinPath;
  51 |   if (evalServerBinPath) env['SSG_EVAL_SERVER_BIN'] = evalServerBinPath;
```

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.23.0
3 findings:

Script: `node ./bin/cleanup-globals.cjs`

Spreading entire process.env into an object — may capture all secrets. Source: https://github.com/sigmashake/ssg/blob/9a5edd3c02cd237592ce2d7aa8113728bdbfc4db/bin/ssg.cjs#L46

```js
  44 | // 3. Run binary if found
  45 | if (binaryPath) {
> 46 |   const env = { ...process.env, SSG_PUBLIC_DIR: path.resolve(__dirname, '..', 'public') };
  47 |   if (hookBinPath) env['SSG_HOOK_FAST_BIN'] = hookBinPath;
  48 |   const result = spawnSync(binaryPath, process.argv.slice(2), {stdio: 'inherit', env});
```

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.13.6
3 findings:

Script: `node ./bin/cleanup-globals.cjs`

Spreading entire process.env into an object — may capture all secrets. Source: https://github.com/sigmashake/ssg/blob/887bd9f871323670a81ec2057a4ae97b9ff617a8/bin/ssg.cjs#L43

```js
  41 | const result = spawnSync(binaryPath, process.argv.slice(2), {
  42 |   stdio: 'inherit',
> 43 |   env: { ...process.env, SSG_PUBLIC_DIR: path.resolve(__dirname, '..', 'public') },
  44 | });
  45 | process.exit(result.status ?? 1);
```

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.12.6
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.12.5
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.12.4
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.12.3
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.12.2
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.12.1
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.12.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.10.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.2
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.1
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.1
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.7.1
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.7.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.6.5
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.6.4
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.6.3
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.6.2
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.6.1
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.