@stricli/core Apache-2.0 8 versions

@stricli/core

npm Repository Homepage

Build complex CLIs with type safety and no dependencies

8

Versions

Apache-2.0

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

bloomberg-ossbbgbuildermolisani

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
typosquat	typosquat.levenshtein:cors	AI (typosquat): @stricli/core is Bloomberg's legitimate CLI framework package; similarity to 'cors' is coincidental substring match on 'core' vs 'cors'. Not a typosquat.	ai	2026/04/25
bogus-package	bogus-package	AI (bogus-package): Scoped monorepo package from Bloomberg with SLSA provenance; short README and missing keywords are cosmetic issues, not spam indicators.	ai	2026/04/25

Versions (showing 8 of 8)

Version	Deps	Published
1.2.7	0 / 15	2026-05-14
1.2.6	0 / 15	2026-02-20
1.2.5	0 / 15	2026-01-06
1.2.4	0 / 19	2025-10-14
1.2.3	0 / 19	2025-10-14
1.2.2	0 / 19	2025-10-14
1.2.1	0 / 19	2025-10-13
1.2.0	0 / 19	2025-07-01

v1.2.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.2.6

2 findings

HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@stricli/core' is 1 edit(s) away from popular package 'cors'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.2.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.2.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.2.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.2.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.2.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.2.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.