@vertesia/cli
The Vertesia command-line interface (CLI) provides a set of commands to manage and interact with the Vertesia Platform.
Supply chain provenance
Status for the latest visible version.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@vertesia/workflow | AI (phantom-deps): Monorepo sibling; used dynamically in CLI. | ai | |
| phantom-deps | phantom-dep:ansi-colors | AI (phantom-deps): ANSI color utility; used dynamically in CLI. | ai | |
| phantom-deps | phantom-dep:ansi-escapes | AI (phantom-deps): ANSI escape codes; used dynamically in CLI. | ai | |
| phantom-deps | phantom-dep:gradient-string | AI (phantom-deps): Gradient text rendering; used dynamically in CLI. | ai | |
| phantom-deps | phantom-dep:signal-exit | AI (phantom-deps): Signal handling; used dynamically in CLI. | ai | |
| phantom-deps | phantom-dep:json-schema-to-typescript | AI (phantom-deps): Code generation tool; used dynamically in build. | ai | |
| phantom-deps | phantom-dep:jsonwebtoken | AI (phantom-deps): JWT utility; used dynamically in CLI. | ai | |
| phantom-deps | phantom-dep:@vertesia/client | AI (phantom-deps): Monorepo sibling; used dynamically in CLI. | ai | |
| phantom-deps | phantom-dep:@vertesia/common | AI (phantom-deps): Monorepo sibling; used dynamically in CLI. | ai | |
| phantom-deps | phantom-dep:ora | AI (phantom-deps): CLI spinner library; used dynamically in CLI tool. | ai | |
| phantom-deps | phantom-dep:glob | AI (phantom-deps): File globbing; used dynamically in code generation tool. | ai | |
| phantom-deps | phantom-dep:mime | AI (phantom-deps): MIME type utility; used dynamically in CLI. | ai | |
| phantom-deps | phantom-dep:open | AI (phantom-deps): Opens URLs/files; used dynamically in CLI tool. | ai | |
| phantom-deps | phantom-dep:boxen | AI (phantom-deps): CLI box drawing; used dynamically for output formatting. | ai | |
| phantom-deps | phantom-dep:chalk | AI (phantom-deps): Terminal color library; used dynamically in CLI. | ai | |
| phantom-deps | phantom-dep:figures | AI (phantom-deps): Unicode symbols; used dynamically in CLI output. | ai | |
| phantom-deps | phantom-dep:enquirer | AI (phantom-deps): Interactive prompts; used dynamically in CLI. | ai | |
| phantom-deps | phantom-dep:commander | AI (phantom-deps): CLI argument parser; used dynamically in CLI tool. | ai | |
| phantom-deps | phantom-dep:log-update | AI (phantom-deps): Terminal logging; used dynamically in CLI. | ai | |
| phantom-deps | phantom-dep:log-symbols | AI (phantom-deps): Log symbols; used dynamically in CLI output. | ai | |
| typosquat | typosquat.levenshtein:joi | AI (typosquat): Scoped package @vertesia/cli is not a typosquat of joi; Levenshtein match is spurious. | ai | |
| phantom-deps | phantom-dep:@vertesia/memory-commands | AI (phantom-deps): Same-org monorepo package; phantom-dep heuristic unreliable for monorepo sub-packages. | ai | |
| phantom-deps | phantom-dep:cli-table3 | AI (phantom-deps): CLI utility dep; may be used indirectly via re-exports or dynamic imports in a bundled CLI. | ai | |
| phantom-deps | phantom-dep:cli-spinners | AI (phantom-deps): Used transitively via ora/log-update; phantom-dep heuristic fires on indirect usage. | ai | |
| phantom-deps | phantom-dep:seedrandom | AI (phantom-deps): Stable false positive for this package; likely used in config/template generation. | ai | |
| phantom-deps | phantom-dep:json-schema | AI (phantom-deps): Stable false positive; used by json-schema-to-typescript dependency chain. | ai | |
| phantom-deps | phantom-dep:@llumiverse/common | AI (phantom-deps): Companion org package; phantom-dep heuristic unreliable for related-org packages. | ai | |
| semgrep | semgrep:env-spread | AI (semgrep): env-spread in docker.js is standard subprocess env forwarding for Docker builds; not a secret exfiltration risk. | ai | |
Versions (showing 35 of 35)
| Version | Deps | Published |
|---|---|---|
| 1.3.0 | 28 / 4 | |
| 1.2.0 | 28 / 4 | |
| 1.1.0 | 28 / 4 | |
| 1.0.0 | 28 / 4 | |
| 0.82.4 | 29 / 1 | |
| 0.81.1 | 29 / 1 | |
| 0.81.0 | 29 / 1 | |
| 0.80.0 | 29 / 1 | |
| 0.79.4 | 29 / 1 | |
| 0.79.3 | 29 / 1 | |
| 0.79.2 | 29 / 1 | |
| 0.79.1 | 29 / 1 | |
| 0.78.0 | 29 / 1 | |
| 0.77.0 | 29 / 1 | |
| 0.76.0 | 29 / 1 | |
| 0.74.0 | 29 / 1 | |
| 0.73.0 | 29 / 1 | |
| 0.72.0 | 29 / 1 | |
| 0.71.0 | 29 / 1 | |
| 0.70.0 | 29 / 1 | |
| 0.68.0 | 29 / 1 | |
| 0.67.0 | 29 / 1 | |
| 0.66.0 | 29 / 1 | |
| 0.65.0 | 29 / 1 | |
| 0.64.0 | 29 / 1 | |
| 0.63.0 | 29 / 1 | |
| 0.62.0 | 29 / 1 | |
| 0.61.0 | 29 / 1 | |
| 0.60.0 | 29 / 1 | |
| 0.59.0 | 29 / 1 | |
| 0.58.0 | 29 / 1 | |
| 0.57.0 | 29 / 1 | |
| 0.56.0 | 29 / 1 | |
| 0.55.0 | 28 / 1 | |
| 0.54.0 | 28 / 1 | |
v1.3.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.2.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.0.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.81.1
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.81.0
2 findings
This version was published by a different npm account than previous versions on 2026-01-12. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.80.0
2 findings
This version was published by a different npm account than previous versions on 2025-12-15. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.79.4
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.79.3
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.79.2
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.79.1
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.78.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.77.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.76.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.74.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.73.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.72.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.71.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.70.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.68.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.67.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.66.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.65.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.64.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.63.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.62.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.61.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.60.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.59.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.58.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.57.0
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.56.0
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.55.0
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.54.0
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.