@stackone/cli

StackOne Connect CLI tool

Versions: 27
License: ISC
Install Scripts: Yes
Provenance: Missing

Supply chain provenance

Status for the latest visible version.

No SLSA provenance; npm registry signatures; gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

s1guillaume, jorge.stackone, stackone-publisher

Keywords

stackone, cli, connect, integration

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
source-diff obfuscated-file:dist/cliCore-E8z0v8KP.cjs AI (source-diff): Minified CLI bundle output from tsdown --minify; not obfuscated malware. ai
provenance publisher-changed AI (provenance): Transition to GitHub Actions CI publishing is a standard automation pattern; package.json publish-release script confirms intent. ai
source-diff net-exec-file:dist/cliCore-D2QQhlz-.mjs AI (source-diff): CLI tool legitimately uses child_process and network; pattern is expected for this package. ai
source-diff obfuscated-file:dist/cliCore-D2QQhlz-.mjs AI (source-diff): Minified CLI bundle output from tsdown --minify; not obfuscated malware. ai
source-diff net-exec-file:dist/cliCore-E8z0v8KP.cjs AI (source-diff): CLI tool legitimately uses child_process and network; pattern is expected for this package. ai
source-diff obfuscated-file:dist/cliCore-_BZmg0kj.mjs AI (source-diff): Standard tsdown minified CLI bundle (ESM variant); same rationale as CJS counterpart. ai
phantom-deps phantom-dep:@stackone/expressions AI (phantom-deps): Same-org dep bundled into dist; phantom detection is a false positive for this build pattern. ai
source-diff obfuscated-file:dist/cliCore-DZnmJlqN.cjs AI (source-diff): Standard tsdown minified CLI bundle; not obfuscated malware. Consistent with documented build config. ai
source-diff obfuscated-file:dist/cliCore-CVaQgq11.cjs AI (source-diff): Minified bundler output (tsdown --minify); readable logic, no malicious patterns. ai
phantom-deps phantom-dep:@stackone/agent-harness AI (phantom-deps): Same-org dep, visible in bundled dist imports. ai
phantom-deps phantom-dep:@stackone/defender AI (phantom-deps): Same-org dep, likely used via bundled dist output. ai
phantom-deps phantom-dep:@anthropic-ai/sdk AI (phantom-deps): Bundled into dist; not directly imported at module level but used transitively. ai
source-diff obfuscated-file:dist/cliCore-Bil5LSaV.mjs AI (source-diff): Minified bundler output (tsdown --minify); readable logic, no malicious patterns. ai
source-diff obfuscated-file:dist/agentConfig-BWQWMYKQ.mjs AI (source-diff): Minified bundler output (tsdown --minify); readable logic, no malicious patterns. ai
source-diff obfuscated-file:dist/agentConfig-KBkYYmMr.cjs AI (source-diff): Minified bundler output (tsdown --minify); readable logic, no malicious patterns. ai
source-diff obfuscated-file:dist/cliCore-Zl15XKFp.mjs AI (source-diff): ESM counterpart of the same minified build bundle; same rationale as the CJS file. ai
source-diff obfuscated-file:dist/cliCore-HvFqMNSa.cjs AI (source-diff): Standard tsdown --minify output; samples show normal CLI/React logic, no obfuscation or malicious payload. ai
source-diff obfuscated-file:dist/cliCore-CGA-wigN.js AI (source-diff): Minified ESM build output from tsdown --minify; same CLI logic as CJS counterpart. ai
source-diff obfuscated-file:dist/cliCore-Bba3TFak.cjs AI (source-diff): Minified build output from tsdown --minify; content is standard CLI logic, not obfuscated malware. ai
source-diff obfuscated-file:dist/cliCore-BOwdDcP4.cjs AI (source-diff): Minified build output from tsdown --minify; content is standard CLI logic, not obfuscation. ai
source-diff obfuscated-file:dist/esm-BrK-ICga.cjs AI (source-diff): Minified build output from tsdown --minify; content is readdirp-style file traversal, not malicious. ai
source-diff obfuscated-file:dist/cliCore-CYhcPSJT.js AI (source-diff): Minified build output from tsdown --minify; same CLI logic as .cjs counterpart. ai
source-diff obfuscated-file:dist/esm-D_hUWJ1V.js AI (source-diff): Minified build output from tsdown --minify; ESM counterpart of the file traversal module. ai
phantom-deps phantom-dep:@stackone/connect-sdk AI (phantom-deps): Same-org dep in bundled CLI; false positive for this package. ai
phantom-deps phantom-dep:@stackone/agent-config AI (phantom-deps): Same-org dep in bundled CLI; false positive for this package. ai
phantom-deps phantom-dep:@stackone/transport AI (phantom-deps): Same-org dep in bundled CLI; false positive for this package. ai
phantom-deps phantom-dep:@stackone/core AI (phantom-deps): Internal org package; bundled CLI pattern. ai
phantom-deps phantom-dep:ink-spinner AI (phantom-deps): Bundled CLI; deps resolved at build time. ai
phantom-deps phantom-dep:commander AI (phantom-deps): Bundled CLI; deps resolved at build time. ai
phantom-deps phantom-dep:inquirer AI (phantom-deps): Bundled CLI; deps resolved at build time. ai
phantom-deps phantom-dep:chokidar AI (phantom-deps): Bundled CLI; deps resolved at build time. ai
phantom-deps phantom-dep:consola AI (phantom-deps): Bundled CLI; deps resolved at build time. ai
phantom-deps phantom-dep:semver AI (phantom-deps): Bundled CLI; deps resolved at build time. ai
phantom-deps phantom-dep:marked AI (phantom-deps): Bundled CLI; deps resolved at build time. ai
phantom-deps phantom-dep:@clack/prompts AI (phantom-deps): Bundled CLI; deps resolved at build time. ai
phantom-deps phantom-dep:react AI (phantom-deps): Bundled CLI using ink (React renderer); resolved at build time. ai
phantom-deps phantom-dep:chalk AI (phantom-deps): Bundled CLI; deps resolved at build time. ai
phantom-deps phantom-dep:diff AI (phantom-deps): Bundled CLI; deps resolved at build time. ai
phantom-deps phantom-dep:ora AI (phantom-deps): Bundled CLI; deps resolved at build time. ai
phantom-deps phantom-dep:ink AI (phantom-deps): Bundled CLI; deps resolved at build time, not via direct import statements. ai
phantom-deps phantom-dep:marked-terminal AI (phantom-deps): Bundled CLI; deps resolved at build time. ai
phantom-deps phantom-dep:dotenv AI (phantom-deps): Bundled CLI; deps resolved at build time. ai
phantom-deps phantom-dep:@stackone/utils AI (phantom-deps): Internal org package; bundled CLI pattern. ai
phantom-deps phantom-dep:json-colorizer AI (phantom-deps): Bundled CLI; deps resolved at build time. ai
install-scripts install-script:postinstall AI (install-scripts): Postinstall only writes a static markdown file to a sibling package dir; no network access or code execution. ai
typosquat typosquat.levenshtein:joi AI (typosquat): Scoped @stackone/cli package; levenshtein match to 'joi' is a false positive with no impersonation intent. ai

Versions (showing 27 of 27)

Version Deps Published
1.34.0 25 / 21
1.31.1 24 / 21
1.31.0 24 / 21
1.30.0 24 / 21
1.29.0 24 / 21
1.28.0 24 / 21
1.24.1 24 / 21
1.24.0 23 / 21
1.18.0 23 / 21
1.17.0 23 / 21
1.16.1 15 / 20
1.15.2 14 / 20
1.13.2 11 / 20
1.8.1 6 / 1
1.8.0 6 / 1
1.7.0 6 / 1
1.6.0 6 / 1
1.5.0 5 / 1
1.4.0 5 / 1
1.3.0 5 / 1
1.2.2 5 / 1
1.2.1 5 / 1
1.2.0 5 / 1
1.1.1 5 / 1
1.1.0 5 / 1
1.0.1 4 / 1
1.0.0 4 / 1

v1.34.0

3 findings
HIGH New obfuscated file: dist/cliCore-DZnmJlqN.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/cliCore-_BZmg0kj.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.31.1

2 findings
HIGH Package has 'postinstall' script install-scripts

Script: echo '# Agent Instructions Default instructions for StackOne Agent Runtime. ' > node_modules/@stackone/agent-harness/INSTRUCTIONS.md 2>/dev/null || true

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.31.0

2 findings
HIGH Package has 'postinstall' script install-scripts

Script: echo '# Agent Instructions Default instructions for StackOne Agent Runtime. ' > node_modules/@stackone/agent-harness/INSTRUCTIONS.md 2>/dev/null || true

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.30.0

2 findings
HIGH Package has 'postinstall' script install-scripts

Script: echo '# Agent Instructions Default instructions for StackOne Agent Runtime. ' > node_modules/@stackone/agent-harness/INSTRUCTIONS.md 2>/dev/null || true

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.29.0

5 findings
HIGH New obfuscated file: dist/agentConfig-KBkYYmMr.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/cliCore-CVaQgq11.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/agentConfig-BWQWMYKQ.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/cliCore-Bil5LSaV.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.28.0

2 findings
HIGH Package has 'postinstall' script install-scripts

Script: echo '# Agent Instructions Default instructions for StackOne Agent Runtime. ' > node_modules/@stackone/agent-harness/INSTRUCTIONS.md 2>/dev/null || true

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.24.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.24.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.18.0

3 findings
HIGH New obfuscated file: dist/cliCore-HvFqMNSa.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/cliCore-Zl15XKFp.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.17.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.16.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.15.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.13.2

6 findings
HIGH Publisher changed: stackone-publisher → GitHub Actions (on 2025-12-10) provenance

This version was published by a different npm account than previous versions on 2025-12-10. This could indicate a legitimate maintainer transition or an account compromise.

HIGH New obfuscated file: dist/cliCore-E8z0v8KP.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/cliCore-E8z0v8KP.cjs source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/cliCore-D2QQhlz-.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/cliCore-D2QQhlz-.mjs source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.8.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.8.0

5 findings
HIGH New obfuscated file: dist/cliCore-BOwdDcP4.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/esm-BrK-ICga.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/cliCore-CYhcPSJT.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/esm-D_hUWJ1V.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.7.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.6.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.5.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.3.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.2.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.2.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.2.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.1.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.1.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.