@tombi-toml/cli-win32-x64
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| npm-metadata | bundled-binaries | AI (npm-metadata): Platform-specific CLI binary distribution package; tombi.exe is the intended artifact, backed by SLSA provenance attestation. | ai | |
| provenance | publisher-changed | AI (provenance): Publisher change from yassun7010 to GitHub Actions reflects legitimate CI/CD automation, confirmed by SLSA provenance attestation. This pattern is stable for this package going forward. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Platform-specific binary distribution packages inherently have no deps, no description, and tiny payloads. This is a structural characteristic of the package type, not a spam indicator. | ai | |
| npm-metadata | no-description | AI (npm-metadata): No description is expected for platform-specific binary shim packages in the @tombi-toml scope. | ai |
Versions (showing 89 of 189)
| Version | Deps | Published |
|---|---|---|
| 0.6.34 | 0 / 0 | |
| 0.6.33 | 0 / 0 | |
| 0.6.32 | 0 / 0 | |
| 0.6.31 | 0 / 0 | |
| 0.6.30 | 0 / 0 | |
| 0.6.29 | 0 / 0 | |
| 0.6.28 | 0 / 0 | |
| 0.6.27 | 0 / 0 | |
| 0.6.26 | 0 / 0 | |
| 0.6.25 | 0 / 0 | |
| 0.6.24 | 0 / 0 | |
| 0.6.23 | 0 / 0 | |
| 0.6.22 | 0 / 0 | |
| 0.6.21 | 0 / 0 | |
| 0.6.20 | 0 / 0 | |
| 0.6.19 | 0 / 0 | |
| 0.6.18 | 0 / 0 | |
| 0.6.17 | 0 / 0 | |
| 0.6.16 | 0 / 0 | |
| 0.6.15 | 0 / 0 | |
| 0.6.14 | 0 / 0 | |
| 0.6.13 | 0 / 0 | |
| 0.6.12 | 0 / 0 | |
| 0.6.11 | 0 / 0 | |
| 0.6.10 | 0 / 0 | |
| 0.6.9 | 0 / 0 | |
| 0.6.8 | 0 / 0 | |
| 0.6.7 | 0 / 0 | |
| 0.6.6 | 0 / 0 | |
| 0.6.5 | 0 / 0 | |
| 0.6.4 | 0 / 0 | |
| 0.6.3 | 0 / 0 | |
| 0.6.2 | 0 / 0 | |
| 0.6.1 | 0 / 0 | |
| 0.6.0 | 0 / 0 | |
| 0.5.18 | 0 / 0 | |
| 0.5.17 | 0 / 0 | |
| 0.5.16 | 0 / 0 | |
| 0.5.15 | 0 / 0 | |
| 0.5.14 | 0 / 0 | |
| 0.5.13 | 0 / 0 | |
| 0.5.12 | 0 / 0 | |
| 0.5.11 | 0 / 0 | |
| 0.5.10 | 0 / 0 | |
| 0.5.9 | 0 / 0 | |
| 0.5.8 | 0 / 0 | |
| 0.5.7 | 0 / 0 | |
| 0.5.6 | 0 / 0 | |
| 0.5.5 | 0 / 0 | |
| 0.5.4 | 0 / 0 | |
| 0.5.3 | 0 / 0 | |
| 0.5.2 | 0 / 0 | |
| 0.5.1 | 0 / 0 | |
| 0.5.0 | 0 / 0 | |
| 0.4.42 | 0 / 0 | |
| 0.4.41 | 0 / 0 | |
| 0.4.40 | 0 / 0 | |
| 0.4.39 | 0 / 0 | |
| 0.4.38 | 0 / 0 | |
| 0.4.37 | 0 / 0 | |
| 0.4.36 | 0 / 0 | |
| 0.4.35 | 0 / 0 | |
| 0.4.34 | 0 / 0 | |
| 0.4.33 | 0 / 0 | |
| 0.4.32 | 0 / 0 | |
| 0.4.31 | 0 / 0 | |
| 0.4.30 | 0 / 0 | |
| 0.4.29 | 0 / 0 | |
| 0.4.28 | 0 / 0 | |
| 0.4.27 | 0 / 0 | |
| 0.4.26 | 0 / 0 | |
| 0.4.25 | 0 / 0 | |
| 0.4.24 | 0 / 0 | |
| 0.4.23 | 0 / 0 | |
| 0.4.22 | 0 / 0 | |
| 0.4.21 | 0 / 0 | |
| 0.4.20 | 0 / 0 | |
| 0.4.19 | 0 / 0 | |
| 0.4.18 | 0 / 0 | |
| 0.4.17 | 0 / 0 | |
| 0.4.16 | 0 / 0 | |
| 0.4.15 | 0 / 0 | |
| 0.4.14 | 0 / 0 | |
| 0.4.13 | 0 / 0 | |
| 0.4.12 | 0 / 0 | |
| 0.4.11 | 0 / 0 | |
| 0.4.10 | 0 / 0 | |
| 0.4.9 | 0 / 0 | |
| 0.4.8 | 0 / 0 |
v0.6.34
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.33
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.32
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.31
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.30
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.29
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.28
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.27
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.26
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.25
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.24
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.23
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.22
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.21
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.20
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.19
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.18
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.17
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.16
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.15
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.14
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.13
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.12
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.11
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.18
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.17
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.16
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.15
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.14
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.13
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.12
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.11
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.10
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.9
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.8
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.7
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.6
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.5
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.4
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.3
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.2
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.1
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.0
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.42
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.41
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.40
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.39
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.38
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.37
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.36
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.35
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.34
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.33
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.32
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.31
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.30
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.29
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.28
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.27
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.26
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.25
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.24
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.23
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.22
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.21
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.20
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.19
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.18
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.17
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.16
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.15
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.14
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.13
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.12
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.11
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.10
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.9
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.8
2 findingsPackage contains compiled binaries that could be backdoors: • tombi.exe
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.