
@smoothbricks/cli

SmoothBricks monorepo automation CLI

Versions: 7
License: MIT
Install Scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation
npm registry signatures
No source commit

Maintainers

niko_nt2sergeybricksdannwilson

Accepted risks

Findings the reviewer chose to accept rather than block on.

| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:semver | AI (phantom-deps): Referenced in config files; stable false positive for this package. | ai | |
| typosquat | typosquat.levenshtein:joi | AI (typosquat): Scoped monorepo CLI package; Levenshtein match to 'joi' is coincidental, not impersonation. | ai | |
| semgrep | semgrep:env-bulk-read | AI (semgrep): Used in snapshotProcessEnv() for devenv config diffing; expected behavior for a monorepo automation CLI. | ai | |
| phantom-deps | phantom-dep:sherif | AI (phantom-deps): sherif is a CLI tool invoked via scripts/config, not imported directly; phantom-dep is a stable false positive here. | ai | |
| phantom-deps | phantom-dep:@arethetypeswrong/cli | AI (phantom-deps): @arethetypeswrong/cli is a CLI tool invoked via scripts/config, not imported directly; phantom-dep is a stable false positive here. | ai | |
| phantom-deps | phantom-dep:tslib | AI (phantom-deps): tslib is a known implicit runtime dependency for TypeScript compiled output; phantom-dep is a stable false positive. | ai | |

Versions (showing 7 of 7)

Version Deps Published
0.3.3 8 / 1
0.3.2 8 / 1
0.3.1 8 / 1
0.3.0 8 / 1
0.2.0 7 / 1
0.1.1 6 / 1
0.1.0 6 / 0

v0.3.3

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.2

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.1

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.0

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.0

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.0

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.