@smbcloud/cli Apache-2.0 9 versions

@smbcloud/cli

npm Repository Homepage

A CLI for accessing the smbCloud platform.

9

Versions

Apache-2.0

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

keypair34setoelkahfi

Keywords

smbcloudclismbpndksmbcloud-clicloudsmbclouddevelopertoolsweb3web3jsweb3.jsweb3jsbitcoinbtcethereumsolanaethsolblockchainsmart-contractsdappsdappdapp-toolsdapp-tooldapp-toolkitdapp-toolkit-cli

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
typosquat	typosquat.levenshtein:joi	AI (typosquat): Scoped package @smbcloud/cli has no relation to joi; Levenshtein match is coincidental.	ai	2026/05/10
semgrep	semgrep:child-process-import	AI (semgrep): CLI tool that delegates to platform-specific binaries; child_process use is expected and documented.	ai	2026/05/10

Versions (showing 9 of 9)

Version	Deps	Published
0.4.1	0 / 5	2026-05-16
0.4.0	0 / 5	2026-05-10
0.3.41	0 / 5	2026-05-03
0.3.39	0 / 5	2026-05-02
0.3.38	0 / 5	2026-04-10
0.3.37	0 / 5	2026-04-06
0.3.36	0 / 5	2026-04-06
0.3.35	0 / 5	2026-04-06
0.3.33	0 / 5	2026-03-28

v0.4.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.41

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.39

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.38

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.37

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.36

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.35

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.33

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.