@tombi-toml/cli-linux-x64
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| npm-metadata | bundled-binaries | AI (npm-metadata): Platform-specific CLI binary distribution package; bundled binary is the intended artifact, backed by SLSA provenance. | ai | |
| provenance | publisher-changed | AI (provenance): Publisher changed from yassun7010 to GitHub Actions as part of a deliberate migration to automated CI/CD publishing with SLSA provenance attestation. This is a security improvement, not a compromise. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Platform-specific binary distribution packages legitimately have no deps, no description, and tiny payloads. This is the expected structure for OS/CPU-targeted optional packages. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Platform-specific binary shim packages routinely omit descriptions; not a malicious indicator for this package. | ai |
Versions (showing 88 of 189)
| Version | Deps | Published |
|---|---|---|
| 0.6.33 | 0 / 0 | |
| 0.6.32 | 0 / 0 | |
| 0.6.31 | 0 / 0 | |
| 0.6.30 | 0 / 0 | |
| 0.6.29 | 0 / 0 | |
| 0.6.28 | 0 / 0 | |
| 0.6.27 | 0 / 0 | |
| 0.6.26 | 0 / 0 | |
| 0.6.25 | 0 / 0 | |
| 0.6.24 | 0 / 0 | |
| 0.6.23 | 0 / 0 | |
| 0.6.22 | 0 / 0 | |
| 0.6.21 | 0 / 0 | |
| 0.6.20 | 0 / 0 | |
| 0.6.19 | 0 / 0 | |
| 0.6.18 | 0 / 0 | |
| 0.6.17 | 0 / 0 | |
| 0.6.16 | 0 / 0 | |
| 0.6.15 | 0 / 0 | |
| 0.6.14 | 0 / 0 | |
| 0.6.13 | 0 / 0 | |
| 0.6.12 | 0 / 0 | |
| 0.6.11 | 0 / 0 | |
| 0.6.10 | 0 / 0 | |
| 0.6.9 | 0 / 0 | |
| 0.6.8 | 0 / 0 | |
| 0.6.7 | 0 / 0 | |
| 0.6.6 | 0 / 0 | |
| 0.6.5 | 0 / 0 | |
| 0.6.4 | 0 / 0 | |
| 0.6.3 | 0 / 0 | |
| 0.6.2 | 0 / 0 | |
| 0.6.1 | 0 / 0 | |
| 0.6.0 | 0 / 0 | |
| 0.5.18 | 0 / 0 | |
| 0.5.17 | 0 / 0 | |
| 0.5.16 | 0 / 0 | |
| 0.5.15 | 0 / 0 | |
| 0.5.14 | 0 / 0 | |
| 0.5.13 | 0 / 0 | |
| 0.5.12 | 0 / 0 | |
| 0.5.11 | 0 / 0 | |
| 0.5.10 | 0 / 0 | |
| 0.5.9 | 0 / 0 | |
| 0.5.8 | 0 / 0 | |
| 0.5.7 | 0 / 0 | |
| 0.5.6 | 0 / 0 | |
| 0.5.5 | 0 / 0 | |
| 0.5.4 | 0 / 0 | |
| 0.5.3 | 0 / 0 | |
| 0.5.2 | 0 / 0 | |
| 0.5.1 | 0 / 0 | |
| 0.5.0 | 0 / 0 | |
| 0.4.42 | 0 / 0 | |
| 0.4.41 | 0 / 0 | |
| 0.4.40 | 0 / 0 | |
| 0.4.39 | 0 / 0 | |
| 0.4.38 | 0 / 0 | |
| 0.4.37 | 0 / 0 | |
| 0.4.36 | 0 / 0 | |
| 0.4.35 | 0 / 0 | |
| 0.4.34 | 0 / 0 | |
| 0.4.33 | 0 / 0 | |
| 0.4.32 | 0 / 0 | |
| 0.4.31 | 0 / 0 | |
| 0.4.30 | 0 / 0 | |
| 0.4.29 | 0 / 0 | |
| 0.4.28 | 0 / 0 | |
| 0.4.27 | 0 / 0 | |
| 0.4.26 | 0 / 0 | |
| 0.4.25 | 0 / 0 | |
| 0.4.24 | 0 / 0 | |
| 0.4.23 | 0 / 0 | |
| 0.4.22 | 0 / 0 | |
| 0.4.21 | 0 / 0 | |
| 0.4.20 | 0 / 0 | |
| 0.4.19 | 0 / 0 | |
| 0.4.18 | 0 / 0 | |
| 0.4.17 | 0 / 0 | |
| 0.4.16 | 0 / 0 | |
| 0.4.15 | 0 / 0 | |
| 0.4.14 | 0 / 0 | |
| 0.4.13 | 0 / 0 | |
| 0.4.12 | 0 / 0 | |
| 0.4.11 | 0 / 0 | |
| 0.4.10 | 0 / 0 | |
| 0.4.9 | 0 / 0 | |
| 0.4.8 | 0 / 0 |
v0.6.33
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.32
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.31
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.30
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.29
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.28
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.27
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.26
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.25
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.24
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.23
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.22
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.21
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.20
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.19
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.18
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.17
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.16
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.15
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.14
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.13
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.12
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.11
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.8
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.7
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.6
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.5
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.4
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.3
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.2
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.1
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.0
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.18
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.17
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.16
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.15
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.14
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.13
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.12
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.11
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.10
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.9
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.8
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.7
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.6
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.5
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.4
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.3
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.2
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.1
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.0
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.42
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.41
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.40
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.39
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.38
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.37
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.36
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.35
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.34
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.33
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.32
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.31
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.30
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.29
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.28
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.27
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.26
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.25
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.24
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.23
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.22
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.21
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.20
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.19
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.18
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.17
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.16
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.15
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.14
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.13
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.12
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.11
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.10
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.9
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.8
2 findingsPackage contains compiled binaries that could be backdoors: • tombi
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.