← Home

@storm-software/unbuild

npm Repository Homepage
100
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

stormie-botsullivanpj

Keywords

acidiccyclone-uimonorepostormstorm-opsstorm-stacksullivanpjunbuild

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
provenance publisher-changed AI (provenance): Storm-ops monorepo migrated publishing to GitHub Actions CI; SLSA attestation confirms legitimate pipeline. ai
phantom-deps phantom-dep:@storm-software/config-tools AI (phantom-deps): Same-org dependency; phantom-dep heuristic is a false positive here. ai
phantom-deps phantom-dep:jiti AI (phantom-deps): jiti is a declared runtime dep used in config loading; phantom-dep heuristic fires on indirect usage. ai
phantom-deps phantom-dep:pkg-types AI (phantom-deps): pkg-types is a declared runtime dep; phantom-dep heuristic is a false positive for config-file usage. ai
typosquat typosquat.levenshtein:esbuild AI (typosquat): @storm-software/unbuild wraps the 'unbuild' build tool and depends on esbuild directly — not a typosquat. Scoped package name is clearly intentional. ai
semgrep semgrep:env-bulk-read AI (semgrep): env-bulk-read filters by a STORM_EXTENSION_ prefix — standard namespaced config reading in a build tool, not credential harvesting. ai

Versions (showing 100 of 414)

Version Deps Published
0.57.98 13 / 6
0.57.97 13 / 6
0.57.96 13 / 6
0.57.95 13 / 6
0.57.94 13 / 6
0.57.93 13 / 6
0.57.92 13 / 6
0.57.91 13 / 6
0.57.90 13 / 6
0.57.89 13 / 6
0.57.88 13 / 6
0.57.87 13 / 6
0.57.86 13 / 6
0.57.85 13 / 6
0.57.84 13 / 6
0.57.83 13 / 6
0.57.82 13 / 6
0.57.81 13 / 6
0.57.80 13 / 6
0.57.79 13 / 6
0.57.78 13 / 6
0.57.77 13 / 6
0.57.76 13 / 6
0.57.75 13 / 6
0.57.74 13 / 6
0.57.73 13 / 6
0.57.72 13 / 6
0.57.71 13 / 6
0.57.70 13 / 6
0.57.69 13 / 6
0.57.68 13 / 6
0.57.67 13 / 6
0.57.66 13 / 6
0.57.65 13 / 6
0.57.64 13 / 6
0.57.63 13 / 6
0.57.62 13 / 6
0.57.61 13 / 6
0.57.60 13 / 6
0.57.59 13 / 6
0.57.58 13 / 6
0.57.57 13 / 6
0.57.56 13 / 6
0.57.55 13 / 6
0.57.54 13 / 6
0.57.53 13 / 6
0.57.52 13 / 6
0.57.51 13 / 6
0.57.50 13 / 6
0.57.49 13 / 6
0.57.48 13 / 6
0.57.47 13 / 6
0.57.46 13 / 6
0.57.45 13 / 6
0.57.44 13 / 6
0.57.43 13 / 6
0.57.42 13 / 6
0.57.41 13 / 6
0.57.40 13 / 6
0.57.39 13 / 6
0.57.38 13 / 6
0.57.37 13 / 6
0.57.36 13 / 6
0.57.35 13 / 6
0.57.34 13 / 6
0.57.33 13 / 6
0.57.32 13 / 6
0.57.31 13 / 6
0.57.30 13 / 6
0.57.29 13 / 6
0.57.28 13 / 6
0.57.27 13 / 6
0.57.26 13 / 6
0.57.25 13 / 6
0.57.24 13 / 6
0.57.23 13 / 6
0.57.22 13 / 6
0.57.21 13 / 6
0.57.20 13 / 6
0.57.19 13 / 6
0.57.18 13 / 6
0.57.16 13 / 6
0.57.15 13 / 6
0.57.14 13 / 6
0.57.13 13 / 6
0.57.12 13 / 6
0.57.11 13 / 6
0.57.10 13 / 6
0.57.9 13 / 6
0.57.8 13 / 6
0.57.7 13 / 6
0.57.6 13 / 6
0.57.5 13 / 6
0.57.4 13 / 6
0.57.3 13 / 6
0.57.2 13 / 6
0.57.1 13 / 6
0.57.0 13 / 6
0.56.20 13 / 6
0.56.19 13 / 6
Showing 100 of 414 Next page →

v0.57.11

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.57.10

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.57.9

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.57.8

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.57.7

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.57.6

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.57.5

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.57.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.57.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.57.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.57.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.57.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.56.20

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.56.19

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.