@visulima/packem
A fast and modern bundler for Node.js and TypeScript.
Supply chain provenance
Status for the latest visible version.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:rollup-plugin-pure | AI (dependencies): Legitimate rollup tree-shaking plugin; consistent with this bundler tool's purpose. | ai | |
| dependencies | unvetted-dep:@visulima/colorize | AI (dependencies): First-party @visulima sibling dep; consistent with this monorepo package's ecosystem. | ai | |
| dependencies | unvetted-dep:@rollup/plugin-wasm | AI (dependencies): Official @rollup scoped plugin; expected for a bundler tool. | ai | |
| dependencies | unvetted-dep:@visulima/humanizer | AI (dependencies): First-party @visulima sibling dep; consistent with this monorepo package's ecosystem. | ai | |
| dependencies | unvetted-dep:@visulima/source-map | AI (dependencies): First-party @visulima sibling dep; consistent with this monorepo package's ecosystem. | ai | |
| dependencies | unvetted-dep:rollup-plugin-license | AI (dependencies): Well-known rollup plugin for license handling; expected in a bundler. | ai | |
| dependencies | unvetted-dep:@visulima/package | AI (dependencies): First-party @visulima sibling dep; consistent with this monorepo package's ecosystem. | ai | |
| dependencies | unvetted-dep:@csstools/postcss-slow-plugins | AI (dependencies): Official @csstools scoped package; expected for a bundler with CSS support. | ai | |
| dependencies | unvetted-dep:@rollup/plugin-dynamic-import-vars | AI (dependencies): Official @rollup scoped plugin; expected for a bundler tool. | ai | |
| phantom-deps | phantom-dep:@clack/prompts | AI (phantom-deps): CLI prompts library; likely loaded dynamically at runtime for interactive install flows. | ai | |
| phantom-deps | phantom-dep:@antfu/install-pkg | AI (phantom-deps): Package installer helper; likely invoked dynamically, not statically imported. | ai | |
| phantom-deps | phantom-dep:@rollup/plugin-inject | AI (phantom-deps): Framework-scoped rollup plugin loaded by convention; stable false positive for this bundler. | ai | |
| dependencies | unvetted-dep:@visulima/find-cache-dir | AI (dependencies): First-party @visulima sibling dep; consistent with this monorepo package's ecosystem. | ai | |
Versions (showing 20 of 20)
| Version | Deps | Published |
|---|---|---|
| 1.28.3 | 47 / 0 | |
| 1.28.2 | 47 / 0 | |
| 1.28.1 | 47 / 0 | |
| 1.28.0 | 47 / 0 | |
| 1.27.0 | 47 / 0 | |
| 1.26.0 | 47 / 0 | |
| 1.25.0 | 46 / 0 | |
| 1.24.1 | 46 / 0 | |
| 1.24.0 | 46 / 0 | |
| 1.23.1 | 46 / 0 | |
| 1.23.0 | 46 / 0 | |
| 1.22.1 | 46 / 0 | |
| 1.22.0 | 46 / 0 | |
| 1.21.0 | 46 / 0 | |
| 1.20.1 | 46 / 0 | |
| 1.20.0 | 46 / 0 | |
| 1.19.5 | 46 / 0 | |
| 1.19.4 | 46 / 0 | |
| 1.19.3 | 46 / 0 | |
| 1.19.2 | 46 / 0 | |
v1.28.3
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.28.2
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.28.1
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.28.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.27.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.26.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.25.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.24.1
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.24.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.23.1
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.23.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.22.1
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.22.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.21.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.20.1
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.20.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.19.5
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.19.4
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.19.3
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.19.2
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.