← Home

@stryke/fs

npm Repository Homepage
100
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

sullivanpjstormie-bot

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
provenance publisher-changed AI (provenance): Publisher changed from stormie-bot to GitHub Actions — consistent with legitimate migration to OIDC-based CI/CD publishing. SLSA provenance attestation corroborates authenticity. Stable for this package. ai
source-diff obfuscated-file:dist/file-path-fns-7aKacdLg.cjs AI (source-diff): File is minified bundler output (tsdown/Rollup CJS chunk) implementing standard path utilities. No obfuscation or malicious patterns present; content-hashed filenames are normal for this build toolchain. ai
source-diff large-new-source-files AI (source-diff): Large file count increase is consistent with bundling previously-external deps internally and expanding export surface; no injected malicious code detected. ai
phantom-deps phantom-dep:@stryke/helpers AI (phantom-deps): Same-org scoped dependency; may be used indirectly or re-exported; phantom-dep is expected in monorepo packages. ai
phantom-deps phantom-dep:@stryke/string-format AI (phantom-deps): Same-org scoped dependency; may be used indirectly or re-exported; phantom-dep is expected in monorepo packages. ai
phantom-deps phantom-dep:@stryke/convert AI (phantom-deps): Same-org scoped dependency; may be used indirectly or re-exported; phantom-dep is expected in monorepo packages. ai
phantom-deps phantom-dep:chalk AI (phantom-deps): chalk is declared and used in config/build context; phantom-dep finding is expected for build-time dependencies. ai
phantom-deps phantom-dep:@stryke/path AI (phantom-deps): Same-org scoped dependency; may be used indirectly or re-exported; phantom-dep is expected in monorepo packages. ai
typosquat typosquat.levenshtein:qs AI (typosquat): Scoped package @stryke/fs is not a typosquat of 'qs'; Levenshtein comparison of scoped names to short unrelated packages produces false positives for this package. ai
bogus-package bogus-package AI (bogus-package): Legitimate monorepo utility package from storm-software/stryke; cosmetic README/keyword issues are not security concerns. ai
typosquat typosquat.levenshtein:pg AI (typosquat): Scoped package @stryke/fs is not a typosquat of 'pg'; same false-positive pattern as the qs finding. ai

Versions (showing 100 of 155)

Version Deps Published
0.33.85 18 / 3
0.33.84 18 / 3
0.33.83 18 / 3
0.33.82 18 / 3
0.33.81 18 / 3
0.33.80 18 / 3
0.33.79 18 / 3
0.33.78 18 / 3
0.33.77 18 / 3
0.33.76 18 / 3
0.33.75 18 / 3
0.33.74 18 / 3
0.33.73 18 / 3
0.33.72 15 / 3
0.33.71 15 / 3
0.33.70 14 / 5
0.33.69 14 / 5
0.33.68 14 / 5
0.33.67 14 / 5
0.33.66 14 / 5
0.33.65 14 / 5
0.33.64 14 / 5
0.33.63 14 / 5
0.33.62 14 / 5
0.33.61 14 / 5
0.33.60 14 / 5
0.33.59 14 / 5
0.33.58 14 / 5
0.33.57 14 / 5
0.33.56 14 / 5
0.33.55 14 / 5
0.33.54 14 / 5
0.33.53 14 / 5
0.33.50 14 / 5
0.33.49 14 / 5
0.33.48 14 / 5
0.33.47 14 / 5
0.33.46 14 / 5
0.33.45 14 / 5
0.33.44 14 / 5
0.33.43 14 / 5
0.33.42 14 / 5
0.33.40 14 / 5
0.33.39 14 / 5
0.33.38 14 / 5
0.33.37 14 / 5
0.33.36 14 / 5
0.33.35 14 / 5
0.33.34 14 / 5
0.33.33 14 / 5
0.33.32 14 / 5
0.33.31 14 / 5
0.33.30 14 / 5
0.33.29 14 / 5
0.33.28 14 / 5
0.33.27 14 / 5
0.33.26 14 / 5
0.33.25 14 / 5
0.33.24 14 / 5
0.33.23 14 / 5
0.33.22 14 / 5
0.33.21 14 / 5
0.33.20 14 / 5
0.33.19 14 / 5
0.33.18 14 / 5
0.33.17 14 / 5
0.33.16 14 / 5
0.33.9 17 / 4
0.33.8 17 / 4
0.33.7 17 / 4
0.33.6 17 / 4
0.33.5 17 / 4
0.33.4 17 / 4
0.33.3 17 / 4
0.33.2 17 / 4
0.33.1 17 / 4
0.33.0 17 / 4
0.32.15 17 / 4
0.32.14 16 / 4
0.32.13 16 / 4
0.32.12 16 / 4
0.32.11 16 / 4
0.32.10 16 / 4
0.32.9 16 / 4
0.32.8 16 / 4
0.32.7 16 / 4
0.32.6 16 / 4
0.32.5 16 / 4
0.32.4 16 / 4
0.32.3 16 / 4
0.32.2 16 / 4
0.32.1 16 / 4
0.32.0 16 / 4
0.31.4 16 / 4
0.31.3 16 / 4
0.31.2 16 / 4
0.31.1 16 / 4
0.31.0 16 / 4
0.30.5 16 / 4
0.30.4 16 / 4
Showing 100 of 155 Next page →

v0.33.85

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.33.84

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.33.83

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.33.82

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.33.81

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.33.80

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.33.79

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.33.78

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.33.77

2 findings
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

INFO Publisher changed: GitHub Actions → stormie-bot (on 2026-05-25, known maintainer) provenance

This version was published by a different npm account (stormie-bot) than the most recent previously approved version (GitHub Actions) on 2026-05-25, but stormie-bot is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.

v0.33.76

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.33.75

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.33.74

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.33.73

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.33.72

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.33.71

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.33.69

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.33.68

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.33.67

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.33.66

2 findings
HIGH typosquat.levenshtein: Possible typosquat of 'qs' typosquat

Package name '@stryke/fs' is 1 edit(s) away from popular package 'qs'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.33.65

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.33.38

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.33.36

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.32.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.32.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.32.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.31.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.31.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.31.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.31.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.31.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.30.5

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.30.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.