← Home

@treeship/cli-linux-x64

npm Repository Homepage

Treeship CLI binary for linux x64

4
Versions
Apache-2.0
License
Yes
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

amit.shrivastavazerker1

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff source-size-tripled AI (source-diff): Platform binary package; size changes between versions reflect binary payload updates, not injected malware. ai
install-scripts install-script:postinstall AI (install-scripts): Platform-specific binary wrapper; postinstall is the standard mechanism for placing the binary, backed by SLSA provenance. ai
bogus-package bogus-package AI (bogus-package): Binary distribution packages legitimately have no deps, tiny payload, and no keywords. ai

Versions (showing 4 of 4)

Version Deps Published
0.10.2 0 / 0
0.10.1 0 / 0
0.10.0 0 / 0
0.9.6 0 / 0

v0.10.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.10.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.10.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.