
@supernovaio/cli-next

Supernova.io Command Line Interface

Versions: 13
License: MIT
Install scripts: No
Provenance: Missing

Supply chain provenance

Status for the latest visible version.

No SLSA provenance
npm registry signatures
gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source: a registry signature can only attest that a tarball was uploaded under this name and version, not that it was built from the repository the package claims. The axios compromise (March 2026) relied on exactly this gap.

Maintainers

seva-supernovaartufimtcevsupernova-cisusergiijiritrecakclxsupernovasn-filipdaniskoydus

Keywords

Supernova, Design Systems, Supernovaio, SDK, Design Tokens, Tokens, Assets, Components, Documentation, CMS

Accepted risks

Findings the reviewer chose to accept rather than block on. In every row below the accepting reviewer is the automated "ai" reviewer, so these are machine-accepted risks, not a human sign-off.

Source | Rule | Reason | Accepted by | When
dependencies | unvetted-dep:@supernovaio/code-analyzer | AI (dependencies): First-party scoped dep from the same Supernova org; consistent with the package's purpose. | ai |
dependencies | unvetted-dep:@supernovaio/sdk | AI (dependencies): First-party Supernova SDK; expected dependency for the official Supernova CLI. | ai |
dependencies | unvetted-dep:@supernova-studio/pulsar-core | AI (dependencies): First-party Supernova-Studio package; consistent with CLI's ecosystem. | ai |
dependencies | unvetted-dep:@supernova-studio/pulsar-language | AI (dependencies): First-party Supernova-Studio package; consistent with CLI's ecosystem. | ai |
dependencies | unvetted-dep:@supernova-studio/simple-parse-github-url | AI (dependencies): First-party Supernova-Studio utility; expected in this CLI context. | ai |
dependencies | unvetted-dep:@hackolade/keytar | AI (dependencies): Keytar fork for credential storage; expected in a CLI tool needing secure token storage. | ai |
phantom-deps | phantom-dep:@hackolade/keytar | AI (phantom-deps): Loaded via oclif config; stable false positive for this package. | ai |
phantom-deps | phantom-dep:@oclif/plugin-help | AI (phantom-deps): Declared as oclif plugin in config; not directly imported by design. | ai |
phantom-deps | phantom-dep:@oclif/plugin-plugins | AI (phantom-deps): Declared as oclif plugin in config; not directly imported by design. | ai |
phantom-deps | phantom-dep:colors | AI (phantom-deps): CLI tool; colors loaded via oclif config convention, not direct import. | ai |
phantom-deps | phantom-dep:@supernova-studio/model | AI (phantom-deps): Bundled dep; stable false positive for this package. | ai |
phantom-deps | phantom-dep:@supernova-studio/simple-parse-github-url | AI (phantom-deps): Bundled dep; stable false positive for this package. | ai |
phantom-deps | phantom-dep:@sentry/profiling-node | AI (phantom-deps): Loaded by Sentry at runtime via config; stable false positive. | ai |
phantom-deps | phantom-dep:dotenv | AI (phantom-deps): Config-file loaded; stable false positive for this CLI package. | ai |
phantom-deps | phantom-dep:ip-cidr | AI (phantom-deps): Referenced in config files; stable false positive for this package. | ai |
phantom-deps | phantom-dep:minimatch | AI (phantom-deps): Config-file reference; stable false positive for this package. | ai |
phantom-deps | phantom-dep:ts-pattern | AI (phantom-deps): Config-file reference; stable false positive for this package. | ai |
phantom-deps | phantom-dep:@types/fs-extra | AI (phantom-deps): Framework-scoped type package; stable false positive. | ai |

Versions (showing 13 of 13)

Version Deps Published
2.5.5 40 / 27
2.5.4 36 / 27
2.5.3 36 / 27
2.5.2 36 / 27
2.5.1 36 / 27
2.5.0 36 / 27
2.4.0 39 / 27
2.3.7 34 / 25
2.3.6 28 / 25
2.3.5 28 / 25
2.3.3 27 / 25
2.3.2 27 / 25
2.3.1 27 / 25

Findings by version

Every listed version carries the same single finding: LOW, "No provenance attestation" (rule: provenance). The note attached to each is "Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.", except v2.3.6, whose note reads "Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD."

v2.5.4  1 finding  LOW  No provenance attestation  (provenance)
v2.5.3  1 finding  LOW  No provenance attestation  (provenance)
v2.5.2  1 finding  LOW  No provenance attestation  (provenance)
v2.5.1  1 finding  LOW  No provenance attestation  (provenance)
v2.5.0  1 finding  LOW  No provenance attestation  (provenance)
v2.4.0  1 finding  LOW  No provenance attestation  (provenance)
v2.3.7  1 finding  LOW  No provenance attestation  (provenance)
v2.3.6  1 finding  LOW  No provenance attestation  (provenance)
v2.3.5  1 finding  LOW  No provenance attestation  (provenance)
v2.3.3  1 finding  LOW  No provenance attestation  (provenance)
v2.3.2  1 finding  LOW  No provenance attestation  (provenance)
v2.3.1  1 finding  LOW  No provenance attestation  (provenance)