
@smithery/cli

An NPX command to install and list Model Context Protocols from Smithery

34
Versions
License
Yes
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation, npm registry signatures, gitHead linked

Maintainers

calclavia

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
phantom-deps | phantom-dep:zod-to-json-schema | AI (phantom-deps): Bundled CLI; consumed at build time. | ai |
phantom-deps | phantom-dep:@anthropic-ai/mcpb | AI (phantom-deps): Bundled CLI; consumed at build time. | ai |
phantom-deps | phantom-dep:cross-fetch | AI (phantom-deps): Bundled CLI; consumed at build time. | ai |
phantom-deps | phantom-dep:cors | AI (phantom-deps): Bundled CLI; deps compiled into dist, not directly imported in source. | ai |
phantom-deps | phantom-dep:uuid | AI (phantom-deps): Bundled CLI; deps compiled into dist, not directly imported in source. | ai |
phantom-deps | phantom-dep:yaml | AI (phantom-deps): Bundled CLI; deps compiled into dist, not directly imported in source. | ai |
phantom-deps | phantom-dep:chalk | AI (phantom-deps): Bundled CLI; deps compiled into dist, not directly imported in source. | ai |
phantom-deps | phantom-dep:lodash | AI (phantom-deps): Bundled CLI; deps compiled into dist, not directly imported in source. | ai |
phantom-deps | phantom-dep:uuidv7 | AI (phantom-deps): Bundled CLI; deps compiled into dist, not directly imported in source. | ai |
phantom-deps | phantom-dep:esbuild | AI (phantom-deps): Known implicit/binary dep; explicitly listed in pnpm onlyBuiltDependencies. | ai |
phantom-deps | phantom-dep:express | AI (phantom-deps): Bundled CLI; deps compiled into dist, not directly imported in source. | ai |
phantom-deps | phantom-dep:commander | AI (phantom-deps): Bundled CLI; deps compiled into dist, not directly imported in source. | ai |
phantom-deps | phantom-dep:fast-glob | AI (phantom-deps): Bundled CLI; deps compiled into dist, not directly imported in source. | ai |
phantom-deps | phantom-dep:miniflare | AI (phantom-deps): Bundled CLI; deps compiled into dist, not directly imported in source. | ai |
phantom-deps | phantom-dep:flexsearch | AI (phantom-deps): Bundled CLI; deps compiled into dist, not directly imported in source. | ai |
phantom-deps | phantom-dep:cross-spawn | AI (phantom-deps): Bundled CLI; deps compiled into dist, not directly imported in source. | ai |
phantom-deps | phantom-dep:@ngrok/ngrok | AI (phantom-deps): Bundled CLI; deps compiled into dist, not directly imported in source. | ai |
phantom-deps | phantom-dep:cli-spinners | AI (phantom-deps): Bundled CLI; deps compiled into dist, not directly imported in source. | ai |
phantom-deps | phantom-dep:jsonc-parser | AI (phantom-deps): Bundled CLI; deps compiled into dist, not directly imported in source. | ai |
phantom-deps | phantom-dep:@smithery/api | AI (phantom-deps): Same-org dep; bundled CLI pattern, stable false positive. | ai |
phantom-deps | phantom-dep:inquirer | AI (phantom-deps): Bundled CLI; deps compiled into dist, not directly imported in source. | ai |
phantom-deps | phantom-dep:ora | AI (phantom-deps): Bundled CLI; deps compiled into dist, not directly imported in source. | ai |
phantom-deps | phantom-dep:shx | AI (phantom-deps): Bundled CLI; build-time dep used in scripts, not directly imported. | ai |
publish-pattern | dormant-publish | AI (publish-pattern): SLSA provenance attestation confirms CI/CD publish; dormancy concern is mitigated by verified provenance. | ai |
typosquat | typosquat.levenshtein:joi | AI (typosquat): Scoped package @smithery/cli is unrelated to joi; Levenshtein match is a false positive. | ai |
install-scripts | install-script:postinstall | AI (install-scripts): Established CLI tool with SLSA provenance; postinstall is a standard setup script, stable across versions. | ai |

Versions (showing 34 of 34)

Version Deps Published
4.11.1 0 / 34
4.11.0 0 / 32
4.10.0 0 / 32
4.9.3 0 / 32
4.9.0 0 / 32
4.8.2 0 / 33
4.8.1 0 / 33
4.8.0 0 / 33
3.19.0 24 / 15
3.15.1 24 / 15
3.13.1 24 / 15
3.10.0 24 / 15
3.7.0 23 / 14
3.6.0 23 / 14
3.5.1 23 / 14
3.5.0 23 / 14
3.4.1 23 / 14
3.4.0 23 / 14
3.3.3 22 / 14
3.3.2 22 / 14
3.3.1 22 / 14
3.3.0 22 / 14
3.2.2 22 / 14
3.2.1 22 / 14
3.2.0 22 / 14
3.1.6 22 / 14
3.1.5 22 / 14
3.1.4 22 / 14
3.1.3 22 / 14
3.1.2 22 / 14
3.1.1 22 / 14
3.1.0 21 / 14
3.0.4 20 / 14
3.0.3 20 / 14

v4.11.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.19.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.15.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.13.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.10.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.7.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.6.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.5.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.5.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.4.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.4.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.3.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.3.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.3.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.3.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.2.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.2.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.2.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.6

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.5

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.