build-ts

Versions: 10
License: UNLICENSED
Install Scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation, npm registry signatures, gitHead linked

Maintainers

exkazuu

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source Rule Reason Accepted by When
phantom-deps phantom-dep:rollup-plugin-keep-import AI (phantom-deps): Rollup plugin loaded by convention. ai
phantom-deps phantom-dep:@babel/preset-react AI (phantom-deps): Framework-scoped babel preset, loaded by convention. ai
phantom-deps phantom-dep:@rollup/plugin-json AI (phantom-deps): Rollup plugin loaded by convention. ai
phantom-deps phantom-dep:@rollup/plugin-terser AI (phantom-deps): Rollup plugin loaded by convention. ai
phantom-deps phantom-dep:@babel/preset-typescript AI (phantom-deps): Framework-scoped babel preset, loaded by convention. ai
phantom-deps phantom-dep:@rollup/plugin-replace AI (phantom-deps): Rollup plugin loaded by convention. ai
phantom-deps phantom-dep:rollup-plugin-analyzer AI (phantom-deps): Rollup plugin loaded by convention. ai
phantom-deps phantom-dep:@rollup/plugin-commonjs AI (phantom-deps): Rollup plugin loaded by convention. ai
phantom-deps phantom-dep:@rollup/pluginutils AI (phantom-deps): Rollup utility loaded by convention. ai
phantom-deps phantom-dep:@rollup/plugin-babel AI (phantom-deps): Rollup plugin loaded by convention. ai
phantom-deps phantom-dep:rollup-plugin-string AI (phantom-deps): Rollup plugin loaded by convention. ai
phantom-deps phantom-dep:chalk AI (phantom-deps): Build tool; deps loaded by convention, not direct import. ai
phantom-deps phantom-dep:yargs AI (phantom-deps): CLI tool; yargs used via bin entry, not direct import. ai
phantom-deps phantom-dep:core-js AI (phantom-deps): Known implicit polyfill dependency for babel/rollup builds. ai
phantom-deps phantom-dep:date-time AI (phantom-deps): Utility loaded by convention in build toolchain. ai
phantom-deps phantom-dep:pretty-ms AI (phantom-deps): Utility loaded by convention in build toolchain. ai
phantom-deps phantom-dep:signal-exit AI (phantom-deps): Runtime utility loaded by convention. ai
phantom-deps phantom-dep:core-js-pure AI (phantom-deps): Known implicit polyfill dependency for babel/rollup builds. ai
phantom-deps phantom-dep:rollup-plugin-ts AI (phantom-deps): Rollup plugin loaded by convention in build config. ai
phantom-deps phantom-dep:@babel/preset-env AI (phantom-deps): Framework-scoped babel preset, loaded by convention. ai
phantom-deps phantom-dep:rollup AI (phantom-deps): Build tool that wraps rollup; rollup is loaded by convention, not direct import. ai
phantom-deps phantom-dep:typescript AI (phantom-deps): TypeScript build tool; typescript loaded as a peer/runtime dep by convention. ai
phantom-deps phantom-dep:tsx AI (phantom-deps): tsx used as CLI runner in scripts, not imported directly. ai
install-scripts install-script:postinstall AI (install-scripts): husky || true is a standard dev-tooling git-hooks setup; not a security risk. ai

Versions (showing 10 of 10)

Version Deps Published
17.1.8 33 / 25
17.1.7 33 / 25
17.1.4 33 / 25
17.1.2 33 / 25
17.1.1 33 / 25
17.1.0 33 / 24
17.0.26 34 / 33
17.0.25 34 / 33
17.0.9 34 / 33
16.0.15 34 / 33

v17.1.8

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v17.1.7

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v17.1.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v17.1.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v17.1.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v17.1.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v17.0.26

2 findings
HIGH Package has 'postinstall' script install-scripts

Script: husky || true

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v17.0.25

2 findings
HIGH Package has 'postinstall' script install-scripts

Script: husky || true

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v17.0.9

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v16.0.15

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.