@skillsgate/tui
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| install-scripts | install-script:postinstall | AI (install-scripts): Postinstall selects platform-specific binaries for a CLI tool — a documented, legitimate pattern. Code is public on GitHub with explanatory comments; SLSA provenance attestation confirms CI/CD origin. | ai | |
| typosquat | typosquat.levenshtein:uuid | AI (typosquat): Scoped package @skillsgate/tui is a Terminal UI tool; Levenshtein match to 'uuid' is a false positive with no plausible confusion vector. | ai | |
| typosquat | typosquat.levenshtein:joi | AI (typosquat): Scoped package @skillsgate/tui is a Terminal UI tool; Levenshtein match to 'joi' is a false positive with no plausible confusion vector. | ai | |
| typosquat | typosquat.levenshtein:yup | AI (typosquat): Scoped package @skillsgate/tui is a Terminal UI tool; Levenshtein match to 'yup' is a false positive with no plausible confusion vector. | ai |
Versions (showing 14 of 14)
| Version | Deps | Published |
|---|---|---|
| 0.2.4 | 3 / 0 | |
| 0.2.0 | 3 / 0 | |
| 0.1.15 | 3 / 0 | |
| 0.1.14 | 3 / 0 | |
| 0.1.13 | 3 / 0 | |
| 0.1.12 | 3 / 0 | |
| 0.1.10 | 3 / 0 | |
| 0.1.9 | 3 / 0 | |
| 0.1.6 | 3 / 0 | |
| 0.1.5 | 3 / 0 | |
| 0.1.4 | 3 / 0 | |
| 0.1.3 | 3 / 0 | |
| 0.1.2 | 3 / 0 | |
| 0.1.1 | 3 / 0 |
v0.2.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.15
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.14
2 findingsScript: node bin/postinstall.cjs
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.13
2 findingsScript: node bin/postinstall.cjs
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.12
2 findingsScript: node bin/postinstall.cjs
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.10
2 findingsScript: node bin/postinstall.cjs
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.9
2 findingsScript: node bin/postinstall.cjs
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.6
2 findingsScript: node bin/postinstall.cjs
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.