@tsparticles/webpack-plugin
Utility package that generates webpack configurations for tsParticles engine, bundles, plugins, presets, shapes, paths, interactions, effects, templates, palettes, and updaters.
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@babel/preset-env | AI (phantom-deps): Babel preset loaded by convention; standard for build tooling. | ai | |
| phantom-deps | phantom-dep:@types/webpack-env | AI (phantom-deps): TypeScript types for webpack; expected for webpack plugin. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-import | AI (phantom-deps): ESLint plugin referenced in config; standard dev dependency. | ai | |
| phantom-deps | phantom-dep:@typescript-eslint/parser | AI (phantom-deps): ESLint parser referenced in config; expected for TypeScript project. | ai | |
| phantom-deps | phantom-dep:@types/webpack-bundle-analyzer | AI (phantom-deps): TypeScript types for webpack analyzer; standard dev dependency. | ai | |
| phantom-deps | phantom-dep:@typescript-eslint/eslint-plugin | AI (phantom-deps): ESLint plugin referenced in config; expected for TypeScript project. | ai | |
| phantom-deps | phantom-dep:rimraf | AI (phantom-deps): Build tool dependency used in clear:dist script; expected for webpack plugin. | ai | |
| phantom-deps | phantom-dep:copyfiles | AI (phantom-deps): Build tool referenced in config; legitimate for build process. | ai | |
| phantom-deps | phantom-dep:@babel/core | AI (phantom-deps): Build dependency loaded by convention; expected for webpack plugin. | ai | |
| phantom-deps | phantom-dep:@types/node | AI (phantom-deps): TypeScript types for Node.js; standard dev dependency for build tools. | ai | |
| phantom-deps | phantom-dep:babel-loader | AI (phantom-deps): Webpack loader referenced in config; expected for webpack plugin. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): tsparticles is a known open-source org; publish is via GitHub Actions with SLSA attestation, substantially reducing account-takeover risk even after dormancy. | ai | |
| provenance | missing-githead | AI (provenance): Package has SLSA provenance attestation via Sigstore, which is a stronger supply chain integrity signal than gitHead. The CI/CD pipeline change explains the missing field. | ai | |
| phantom-deps | phantom-dep:typescript-eslint | AI (phantom-deps): typescript-eslint is a bundled toolchain dep for this shared config package. Stable pattern. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-jsdoc | AI (phantom-deps): eslint-plugin-jsdoc is a bundled toolchain dep for this shared config package. Stable pattern. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-tsdoc | AI (phantom-deps): eslint-plugin-tsdoc is a bundled toolchain dep for this shared config package. Stable pattern. | ai | |
| phantom-deps | phantom-dep:eslint-config-prettier | AI (phantom-deps): eslint-config-prettier is a bundled toolchain dep for this shared config package. Stable pattern. | ai | |
| phantom-deps | phantom-dep:@stylistic/eslint-plugin | AI (phantom-deps): @stylistic/eslint-plugin is a bundled toolchain dep for this shared config package. Stable pattern. | ai | |
| phantom-deps | phantom-dep:@tsparticles/prettier-config | AI (phantom-deps): Same-org prettier config dep; legitimate toolchain dependency for this package. Stable pattern. | ai | |
| phantom-deps | phantom-dep:prettier-plugin-multiline-arrays | AI (phantom-deps): prettier-plugin-multiline-arrays is a bundled toolchain dep for this shared config package. Stable pattern. | ai | |
| dependencies | unvetted-dep:swc-loader | AI (dependencies): swc-loader is a well-known, widely-used webpack loader for SWC; legitimate build tool dependency for this webpack config package. | ai | |
| phantom-deps | phantom-dep:eslint | AI (phantom-deps): This is a shared webpack/build config package; eslint is a bundled toolchain dep used in config files, not imported at runtime. Pattern is stable across versions. | ai | |
| phantom-deps | phantom-dep:prettier | AI (phantom-deps): Prettier is a bundled toolchain dep for this shared config package; referenced in config files only. Stable pattern. | ai | |
| phantom-deps | phantom-dep:@swc/core | AI (phantom-deps): SWC core is a legitimate build tool bundled as a toolchain dep in this webpack config package. Stable pattern. | ai | |
| phantom-deps | phantom-dep:swc-loader | AI (phantom-deps): swc-loader is a legitimate webpack loader bundled as toolchain dep in this config package. Stable pattern. | ai | |
| phantom-deps | phantom-dep:webpack-cli | AI (phantom-deps): webpack-cli is a bundled toolchain dep for this webpack config package. Stable pattern. | ai | |
| phantom-deps | phantom-dep:typescript | AI (phantom-deps): TypeScript is a bundled toolchain dep for this shared build config package. Stable pattern. | ai | |
| phantom-deps | phantom-dep:browserslist | AI (phantom-deps): browserslist is a bundled toolchain dep for this webpack config package. Stable pattern. | ai |
Versions (showing 50 of 50)
| Version | Deps | Published |
|---|---|---|
| 4.1.3 | 17 / 5 | |
| 4.1.2 | 17 / 5 | |
| 4.1.1 | 17 / 5 | |
| 4.1.0 | 17 / 5 | |
| 4.0.5 | 17 / 5 | |
| 4.0.4 | 17 / 5 | |
| 4.0.3 | 17 / 5 | |
| 4.0.2 | 17 / 5 | |
| 4.0.1 | 17 / 5 | |
| 4.0.0 | 17 / 5 | |
| 3.4.14 | 18 / 4 | |
| 3.4.13 | 17 / 4 | |
| 3.4.12 | 18 / 4 | |
| 3.4.11 | 18 / 4 | |
| 3.4.10 | 18 / 4 | |
| 3.4.9 | 18 / 4 | |
| 3.4.7 | 18 / 4 | |
| 3.4.6 | 18 / 4 | |
| 3.4.5 | 18 / 4 | |
| 3.4.4 | 18 / 4 | |
| 3.4.3 | 18 / 4 | |
| 3.4.2 | 18 / 4 | |
| 3.4.1 | 18 / 4 | |
| 3.3.5 | 18 / 4 | |
| 3.3.4 | 18 / 4 | |
| 3.3.3 | 18 / 4 | |
| 3.3.2 | 18 / 4 | |
| 3.3.1 | 18 / 4 | |
| 3.3.0 | 18 / 4 | |
| 3.2.0 | 19 / 4 | |
| 3.1.9 | 24 / 0 | |
| 3.1.8 | 24 / 0 | |
| 3.1.7 | 24 / 0 | |
| 3.1.6 | 24 / 0 | |
| 3.1.4 | 24 / 0 | |
| 3.1.2 | 24 / 0 | |
| 3.1.1 | 24 / 0 | |
| 3.1.0 | 24 / 0 | |
| 3.0.13 | 25 / 0 | |
| 3.0.12 | 25 / 0 | |
| 3.0.11 | 25 / 0 | |
| 3.0.10 | 25 / 0 | |
| 3.0.9 | 25 / 0 | |
| 3.0.7 | 25 / 0 | |
| 3.0.6 | 26 / 0 | |
| 3.0.5 | 26 / 0 | |
| 3.0.3 | 26 / 0 | |
| 3.0.2 | 26 / 0 | |
| 3.0.1 | 26 / 0 | |
| 3.0.0 | 26 / 0 |
v4.1.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.1.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.1.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.1.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.0.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.0.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.0.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.0.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.0.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.0.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.4.14
2 findingsPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
v3.4.13
2 findingsPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
v3.4.12
2 findingsPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
v3.4.11
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.4.10
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.4.9
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.4.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.4.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.4.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.4.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.4.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.4.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.4.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.3.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.3.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.3.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.3.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.3.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.3.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.2.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.1.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.1.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.13
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.12
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.11
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.9
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.