@workglow/cli
Command-line interface example for Workglow, demonstrating how to build and run AI task pipelines from the terminal.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@mediapipe/tasks-vision | AI (phantom-deps): Optional mediapipe dep; conditionally loaded by plugin pattern. | ai | |
| phantom-deps | phantom-dep:@mediapipe/tasks-genai | AI (phantom-deps): Optional mediapipe dep; conditionally loaded by plugin pattern. | ai | |
| phantom-deps | phantom-dep:@mediapipe/tasks-audio | AI (phantom-deps): Optional mediapipe dep; conditionally loaded by plugin pattern. | ai | |
| phantom-deps | phantom-dep:@mediapipe/tasks-text | AI (phantom-deps): Optional mediapipe dep; conditionally loaded by plugin pattern. | ai | |
| phantom-deps | phantom-dep:is-unicode-supported | AI (phantom-deps): Utility dep referenced in config; stable false positive. | ai | |
| phantom-deps | phantom-dep:react-devtools-core | AI (phantom-deps): React dev tooling dep; loaded by convention in React CLI apps. | ai | |
| phantom-deps | phantom-dep:react-reconciler | AI (phantom-deps): React ecosystem dep used by ink CLI framework; stable pattern. | ai | |
| phantom-deps | phantom-dep:@types/react | AI (phantom-deps): Type-only package; framework-scoped, loaded by convention. | ai | |
| phantom-deps | phantom-dep:@napi-rs/keyring | AI (phantom-deps): Native keyring dep; externalized in bundler config. | ai | |
| phantom-deps | phantom-dep:@workglow/storage | AI (phantom-deps): Same-org monorepo dep; externalized in bundler config. | ai | |
| phantom-deps | phantom-dep:@workglow/task-graph | AI (phantom-deps): Same-org monorepo dep; externalized in bundler config. | ai | |
| phantom-deps | phantom-dep:@workglow/ai-provider | AI (phantom-deps): Same-org monorepo dep; externalized in bundler config. | ai | |
| phantom-deps | phantom-dep:ink | AI (phantom-deps): Monorepo CLI with externalized deps; declared in package.json, used via bundler config. | ai | |
| phantom-deps | phantom-dep:react | AI (phantom-deps): Ink-based CLI uses React; externalized in bundler config. | ai | |
| phantom-deps | phantom-dep:@inkjs/ui | AI (phantom-deps): Ink UI dep; externalized in bundler config. | ai | |
| phantom-deps | phantom-dep:commander | AI (phantom-deps): CLI framework dep; externalized in bundler config. | ai | |
| phantom-deps | phantom-dep:smol-toml | AI (phantom-deps): Config parsing dep; externalized in bundler config. | ai | |
| phantom-deps | phantom-dep:@workglow/ai | AI (phantom-deps): Same-org monorepo dep; externalized in bundler config. | ai | |
| phantom-deps | phantom-dep:@workglow/util | AI (phantom-deps): Same-org monorepo dep; externalized in bundler config. | ai | |
| phantom-deps | phantom-dep:@workglow/tasks | AI (phantom-deps): Same-org monorepo dep; externalized in bundler config. | ai | |
| phantom-deps | phantom-dep:@huggingface/inference | AI (phantom-deps): Optional AI provider dependency; dynamically loaded pattern expected for this CLI. | ai | |
| phantom-deps | phantom-dep:@huggingface/transformers | AI (phantom-deps): Optional AI provider dependency; dynamically loaded pattern expected for this CLI. | ai | |
| phantom-deps | phantom-dep:@google/generative-ai | AI (phantom-deps): Optional AI provider dependency; dynamically loaded pattern expected for this CLI. | ai | |
| phantom-deps | phantom-dep:@anthropic-ai/sdk | AI (phantom-deps): Optional AI provider dependency; dynamically loaded pattern expected for this CLI. | ai | |
| phantom-deps | phantom-dep:node-llama-cpp | AI (phantom-deps): Optional AI provider dependency; dynamically loaded pattern expected for this CLI. | ai | |
| phantom-deps | phantom-dep:tiktoken | AI (phantom-deps): Optional AI provider dependency; dynamically loaded pattern expected for this CLI. | ai | |
| phantom-deps | phantom-dep:openai | AI (phantom-deps): Optional AI provider dependency; dynamically loaded pattern expected for this CLI. | ai | |
| phantom-deps | phantom-dep:ollama | AI (phantom-deps): Optional AI provider dependency; dynamically loaded pattern expected for this CLI. | ai | |
| phantom-deps | phantom-dep:chalk | AI (phantom-deps): AI provider deps are declared for optional/dynamic use in this CLI; phantom-dep heuristic is a stable false positive here. | ai | |
| typosquat | typosquat.levenshtein:joi | AI (typosquat): @workglow/cli is a scoped AI CLI package; Levenshtein match to 'joi' is coincidental and not a typosquat. | ai | |
Versions (showing 51 of 61)
| Version | Deps | Published |
|---|---|---|
| 0.3.12 | 31 / 1 | |
| 0.3.11 | 31 / 1 | |
| 0.3.10 | 31 / 1 | |
| 0.3.9 | 31 / 1 | |
| 0.3.7 | 31 / 1 | |
| 0.3.6 | 31 / 1 | |
| 0.3.5 | 31 / 1 | |
| 0.3.4 | 31 / 1 | |
| 0.3.3 | 31 / 1 | |
| 0.3.2 | 31 / 1 | |
| 0.3.1 | 31 / 1 | |
| 0.3.0 | 31 / 1 | |
| 0.2.37 | 31 / 1 | |
| 0.2.36 | 31 / 1 | |
| 0.2.35 | 31 / 1 | |
| 0.2.34 | 31 / 1 | |
| 0.2.33 | 31 / 1 | |
| 0.2.32 | 31 / 1 | |
| 0.2.31 | 30 / 1 | |
| 0.2.30 | 30 / 1 | |
| 0.2.29 | 30 / 1 | |
| 0.2.28 | 30 / 1 | |
| 0.2.27 | 21 / 1 | |
| 0.2.26 | 21 / 1 | |
| 0.2.25 | 21 / 1 | |
| 0.2.24 | 21 / 1 | |
| 0.2.23 | 21 / 1 | |
| 0.2.22 | 21 / 1 | |
| 0.2.21 | 21 / 1 | |
| 0.2.20 | 21 / 1 | |
| 0.2.19 | 21 / 1 | |
| 0.2.18 | 21 / 1 | |
| 0.2.17 | 21 / 1 | |
| 0.2.16 | 21 / 1 | |
| 0.2.15 | 21 / 1 | |
| 0.2.14 | 21 / 1 | |
| 0.2.13 | 21 / 1 | |
| 0.2.12 | 21 / 1 | |
| 0.2.11 | 21 / 1 | |
| 0.2.10 | 21 / 1 | |
| 0.2.9 | 21 / 1 | |
| 0.2.8 | 21 / 1 | |
| 0.2.7 | 21 / 1 | |
| 0.2.6 | 21 / 1 | |
| 0.2.5 | 21 / 1 | |
| 0.2.4 | 21 / 1 | |
| 0.2.3 | 21 / 1 | |
| 0.2.2 | 21 / 1 | |
| 0.2.1 | 21 / 1 | |
| 0.2.0 | 21 / 1 | |
| 0.1.2 | 20 / 1 | |
v0.3.12
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.11
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.10
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.9
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.7
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.6
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.5
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.4
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.3
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.2
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.1
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.37
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.36
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.35
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.34
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.33
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.32
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.31
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.30
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.29
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.28
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.27
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.26
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.25
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.24
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.23
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.22
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.21
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.20
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.19
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.18
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.17
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.