@wp-playground/tools
Tools for WordPress Playground
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:isomorphic-git | AI (phantom-deps): Referenced in config files, not directly imported; consistent with other accepted phantom-deps in this package. | ai | |
| phantom-deps | phantom-dep:playwright | AI (phantom-deps): playwright is used as a CLI/config tool, not directly imported; phantom-dep is a stable false positive for this package. | ai | |
| license | copyleft-license:GPL-2.0-or-later | AI (license): GPL-2.0-or-later is the intentional license for all WordPress Playground packages; stable across versions. | ai | |
| dependencies | unvetted-dep:minimisted | AI (dependencies): minimisted is a declared dep but not directly imported per phantom-dep finding; low risk for this established WP Playground package. | ai | |
| phantom-deps | phantom-dep:selfsigned | AI (phantom-deps): Large monorepo tools package; deps declared for bundling/config use, not direct imports. Stable pattern across versions. | ai | |
| phantom-deps | phantom-dep:wasm-feature-detect | AI (phantom-deps): Config-file reference in a monorepo tools package; not a direct import risk. | ai | |
| phantom-deps | phantom-dep:fs-ext-extra-prebuilt | AI (phantom-deps): Platform-specific binary package; declared for optional native support, not a direct import. | ai | |
| phantom-deps | phantom-dep:crc-32 | AI (phantom-deps): Monorepo tools package; deps declared centrally, not all directly imported in this sub-package. | ai | |
| phantom-deps | phantom-dep:ignore | AI (phantom-deps): Monorepo tools package; deps declared centrally, not all directly imported in this sub-package. | ai | |
| phantom-deps | phantom-dep:sha.js | AI (phantom-deps): Monorepo tools package; deps declared centrally, not all directly imported in this sub-package. | ai | |
| phantom-deps | phantom-dep:express | AI (phantom-deps): Monorepo tools package; deps declared centrally, not all directly imported in this sub-package. | ai | |
| phantom-deps | phantom-dep:octokit | AI (phantom-deps): Monorepo tools package; deps declared centrally, not all directly imported in this sub-package. | ai | |
| phantom-deps | phantom-dep:async-lock | AI (phantom-deps): Monorepo tools package; deps declared centrally, not all directly imported in this sub-package. | ai | |
| phantom-deps | phantom-dep:ws | AI (phantom-deps): Monorepo tools package; deps declared centrally, not all directly imported in this sub-package. | ai | |
| phantom-deps | phantom-dep:simple-get | AI (phantom-deps): Monorepo tools package; deps declared centrally, not all directly imported in this sub-package. | ai | |
| phantom-deps | phantom-dep:jsonc-parser | AI (phantom-deps): Monorepo tools package; deps declared centrally, not all directly imported in this sub-package. | ai | |
| phantom-deps | phantom-dep:clean-git-ref | AI (phantom-deps): Monorepo tools package; deps declared centrally, not all directly imported in this sub-package. | ai | |
| phantom-deps | phantom-dep:@zip.js/zip.js | AI (phantom-deps): Monorepo tools package; deps declared centrally, not all directly imported in this sub-package. | ai | |
| phantom-deps | phantom-dep:fast-xml-parser | AI (phantom-deps): Monorepo tools package; deps declared centrally, not all directly imported in this sub-package. | ai | |
| phantom-deps | phantom-dep:readable-stream | AI (phantom-deps): Monorepo tools package; deps declared centrally, not all directly imported in this sub-package. | ai | |
| phantom-deps | phantom-dep:minimisted | AI (phantom-deps): Monorepo tools package; deps declared centrally, not all directly imported in this sub-package. | ai | |
| phantom-deps | phantom-dep:ajv | AI (phantom-deps): Monorepo tools package; deps declared centrally, not all directly imported in this sub-package. | ai | |
| phantom-deps | phantom-dep:ini | AI (phantom-deps): Monorepo tools package; deps declared centrally, not all directly imported in this sub-package. | ai | |
| phantom-deps | phantom-dep:pako | AI (phantom-deps): Monorepo tools package; deps declared centrally, not all directly imported in this sub-package. | ai | |
| phantom-deps | phantom-dep:pify | AI (phantom-deps): Monorepo tools package; deps declared centrally, not all directly imported in this sub-package. | ai | |
| phantom-deps | phantom-dep:diff3 | AI (phantom-deps): Monorepo tools package; deps declared centrally, not all directly imported in this sub-package. | ai | |
| phantom-deps | phantom-dep:yargs | AI (phantom-deps): Monorepo tools package; deps declared centrally, not all directly imported in this sub-package. | ai | |
Versions (showing 26 of 26)
| Version | Deps | Published |
|---|---|---|
| 3.1.36 | 1 / 0 | |
| 3.1.35 | 1 / 0 | |
| 3.1.34 | 1 / 0 | |
| 3.1.33 | 1 / 0 | |
| 3.1.32 | 1 / 0 | |
| 3.1.31 | 1 / 0 | |
| 3.1.30 | 1 / 0 | |
| 3.1.29 | 1 / 0 | |
| 3.1.28 | 25 / 0 | |
| 3.1.27 | 24 / 0 | |
| 3.1.26 | 24 / 0 | |
| 3.1.25 | 24 / 0 | |
| 3.1.22 | 24 / 0 | |
| 3.1.21 | 23 / 0 | |
| 3.1.20 | 23 / 0 | |
| 3.1.19 | 23 / 0 | |
| 3.1.18 | 23 / 0 | |
| 3.1.16 | 23 / 0 | |
| 3.1.15 | 23 / 0 | |
| 3.1.14 | 23 / 0 | |
| 3.1.5 | 23 / 0 | |
| 3.1.0 | 21 / 0 | |
| 3.0.54 | 21 / 0 | |
| 3.0.53 | 21 / 0 | |
| 3.0.52 | 21 / 0 | |
| 3.0.51 | 21 / 0 | |
v3.1.36
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.35
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.34
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.33
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.32
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.31
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.30
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.29
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.28
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.27
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.26
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.25
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.22
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.20
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.19
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.18
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.16
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.15
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.14
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.5
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.54
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.53
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.52
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.51
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.