create-nx-workspace
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:env-spread | AI (semgrep): Passes process.env to spawned child processes — standard scaffolding CLI behavior, not exfiltration. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): CLI tool that scaffolds workspaces legitimately needs child_process to run install commands. | ai | |
| semgrep | semgrep:dynamic-require | AI (semgrep): Resolves nx internal generators from the target workspace directory — documented plugin-loader pattern. | ai |
Versions (showing 50 of 50)
| Version | Deps | Published |
|---|---|---|
| 22.7.5 | 9 / 0 | |
| 22.7.4 | 9 / 0 | |
| 22.7.3 | 9 / 0 | |
| 22.7.2 | 9 / 0 | |
| 22.7.1 | 9 / 0 | |
| 22.7.0 | 9 / 0 | |
| 22.6.5 | 9 / 0 | |
| 22.6.4 | 9 / 0 | |
| 22.6.3 | 9 / 0 | |
| 22.6.2 | 9 / 0 | |
| 22.6.1 | 8 / 0 | |
| 22.6.0 | 8 / 0 | |
| 22.5.4 | 8 / 0 | |
| 22.5.3 | 8 / 0 | |
| 22.5.2 | 8 / 0 | |
| 22.5.1 | 8 / 0 | |
| 22.5.0 | 8 / 0 | |
| 22.4.5 | 8 / 0 | |
| 22.4.4 | 8 / 0 | |
| 22.4.3 | 8 / 0 | |
| 22.4.2 | 8 / 0 | |
| 22.4.1 | 8 / 0 | |
| 22.4.0 | 8 / 0 | |
| 22.3.3 | 8 / 0 | |
| 22.3.2 | 8 / 0 | |
| 22.3.1 | 8 / 0 | |
| 22.3.0 | 8 / 0 | |
| 22.2.7 | 8 / 0 | |
| 22.2.6 | 8 / 0 | |
| 22.2.5 | 8 / 0 | |
| 22.2.4 | 8 / 0 | |
| 22.2.3 | 8 / 0 | |
| 22.2.2 | 8 / 0 | |
| 22.2.1 | 8 / 0 | |
| 22.2.0 | 8 / 0 | |
| 22.1.3 | 8 / 0 | |
| 22.1.2 | 8 / 0 | |
| 22.1.1 | 8 / 0 | |
| 22.1.0 | 8 / 0 | |
| 22.0.4 | 8 / 0 | |
| 22.0.3 | 8 / 0 | |
| 22.0.2 | 8 / 0 | |
| 22.0.1 | 8 / 0 | |
| 22.0.0 | 8 / 0 | |
| 21.6.11 | 8 / 0 | |
| 21.6.10 | 8 / 0 | |
| 21.6.9 | 8 / 0 | |
| 21.3.12 | 8 / 0 | |
| 20.8.4 | 8 / 0 | |
| 20.8.3 | 8 / 0 |
v22.7.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.7.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.7.3
3 findingsSpreading entire process.env into an object — may capture all secrets 20 | cwd, 21 | stdio: 'inherit', > 22 | env: { 23 | ...process.env, 24 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 60 | (0, child_process_1.exec)(command, { 61 | cwd, > 62 | env: { ...process.env, NX_DAEMON: 'false' }, 63 | windowsHide: true, 64 | maxBuffer: 1024 * 1024 * 10, // 10MB — default 1MB can be exceeded by verbose PM output
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.7.2
3 findingsSpreading entire process.env into an object — may capture all secrets 20 | cwd, 21 | stdio: 'inherit', > 22 | env: { 23 | ...process.env, 24 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 60 | (0, child_process_1.exec)(command, { 61 | cwd, > 62 | env: { ...process.env, NX_DAEMON: 'false' }, 63 | windowsHide: true, 64 | maxBuffer: 1024 * 1024 * 10, // 10MB — default 1MB can be exceeded by verbose PM output
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.7.0
3 findingsSpreading entire process.env into an object — may capture all secrets 20 | cwd, 21 | stdio: 'inherit', > 22 | env: { 23 | ...process.env, 24 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 60 | (0, child_process_1.exec)(command, { 61 | cwd, > 62 | env: { ...process.env, NX_DAEMON: 'false' }, 63 | windowsHide: true, 64 | maxBuffer: 1024 * 1024 * 10, // 10MB — default 1MB can be exceeded by verbose PM output
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.6.5
3 findingsSpreading entire process.env into an object — may capture all secrets 20 | cwd, 21 | stdio: 'inherit', > 22 | env: { 23 | ...process.env, 24 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 60 | (0, child_process_1.exec)(command, { 61 | cwd, > 62 | env: { ...process.env, NX_DAEMON: 'false' }, 63 | windowsHide: true, 64 | maxBuffer: 1024 * 1024 * 10, // 10MB — default 1MB can be exceeded by verbose PM output
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.6.4
3 findingsSpreading entire process.env into an object — may capture all secrets 20 | cwd, 21 | stdio: 'inherit', > 22 | env: { 23 | ...process.env, 24 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 60 | (0, child_process_1.exec)(command, { 61 | cwd, > 62 | env: { ...process.env, NX_DAEMON: 'false' }, 63 | windowsHide: true, 64 | maxBuffer: 1024 * 1024 * 10, // 10MB — default 1MB can be exceeded by verbose PM output
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.6.3
3 findingsSpreading entire process.env into an object — may capture all secrets 20 | cwd, 21 | stdio: 'inherit', > 22 | env: { 23 | ...process.env, 24 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 60 | (0, child_process_1.exec)(command, { 61 | cwd, > 62 | env: { ...process.env, NX_DAEMON: 'false' }, 63 | windowsHide: true, 64 | maxBuffer: 1024 * 1024 * 10, // 10MB — default 1MB can be exceeded by verbose PM output
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.6.2
3 findingsSpreading entire process.env into an object — may capture all secrets 20 | cwd, 21 | stdio: 'inherit', > 22 | env: { 23 | ...process.env, 24 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 60 | (0, child_process_1.exec)(command, { 61 | cwd, > 62 | env: { ...process.env, NX_DAEMON: 'false' }, 63 | windowsHide: true, 64 | maxBuffer: 1024 * 1024 * 10, // 10MB — default 1MB can be exceeded by verbose PM output
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.6.1
3 findingsSpreading entire process.env into an object — may capture all secrets 20 | cwd, 21 | stdio: 'inherit', > 22 | env: { 23 | ...process.env, 24 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 46 | (0, child_process_1.exec)(command, { 47 | cwd, > 48 | env: { ...process.env, NX_DAEMON: 'false' }, 49 | windowsHide: true, 50 | maxBuffer: 1024 * 1024 * 10, // 10MB — default 1MB can be exceeded by verbose PM output
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.6.0
3 findingsSpreading entire process.env into an object — may capture all secrets 20 | cwd, 21 | stdio: 'inherit', > 22 | env: { 23 | ...process.env, 24 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 46 | (0, child_process_1.exec)(command, { 47 | cwd, > 48 | env: { ...process.env, NX_DAEMON: 'false' }, 49 | windowsHide: false, 50 | maxBuffer: 1024 * 1024 * 10, // 10MB — default 1MB can be exceeded by verbose PM output
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.5.4
3 findingsSpreading entire process.env into an object — may capture all secrets 20 | cwd, 21 | stdio: 'inherit', > 22 | env: { 23 | ...process.env, 24 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 44 | function execAndWait(command, cwd, silenceErrors = false) { 45 | return new Promise((res, rej) => { > 46 | (0, child_process_1.exec)(command, { cwd, env: { ...process.env, NX_DAEMON: 'false' }, windowsHide: false }, (er 47 | if (error) { 48 | if (silenceErrors) {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.5.3
3 findingsSpreading entire process.env into an object — may capture all secrets 20 | cwd, 21 | stdio: 'inherit', > 22 | env: { 23 | ...process.env, 24 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 44 | function execAndWait(command, cwd, silenceErrors = false) { 45 | return new Promise((res, rej) => { > 46 | (0, child_process_1.exec)(command, { cwd, env: { ...process.env, NX_DAEMON: 'false' }, windowsHide: false }, (er 47 | if (error) { 48 | if (silenceErrors) {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.5.2
3 findingsSpreading entire process.env into an object — may capture all secrets 20 | cwd, 21 | stdio: 'inherit', > 22 | env: { 23 | ...process.env, 24 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 44 | function execAndWait(command, cwd, silenceErrors = false) { 45 | return new Promise((res, rej) => { > 46 | (0, child_process_1.exec)(command, { cwd, env: { ...process.env, NX_DAEMON: 'false' }, windowsHide: false }, (er 47 | if (error) { 48 | if (silenceErrors) {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.5.1
3 findingsSpreading entire process.env into an object — may capture all secrets 20 | cwd, 21 | stdio: 'inherit', > 22 | env: { 23 | ...process.env, 24 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 44 | function execAndWait(command, cwd, silenceErrors = false) { 45 | return new Promise((res, rej) => { > 46 | (0, child_process_1.exec)(command, { cwd, env: { ...process.env, NX_DAEMON: 'false' }, windowsHide: false }, (er 47 | if (error) { 48 | if (silenceErrors) {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.5.0
3 findingsSpreading entire process.env into an object — may capture all secrets 20 | cwd, 21 | stdio: 'inherit', > 22 | env: { 23 | ...process.env, 24 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 44 | function execAndWait(command, cwd, silenceErrors = false) { 45 | return new Promise((res, rej) => { > 46 | (0, child_process_1.exec)(command, { cwd, env: { ...process.env, NX_DAEMON: 'false' }, windowsHide: false }, (er 47 | if (error) { 48 | if (silenceErrors) {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.4.5
3 findingsSpreading entire process.env into an object — may capture all secrets 20 | cwd, 21 | stdio: 'inherit', > 22 | env: { 23 | ...process.env, 24 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 44 | function execAndWait(command, cwd, silenceErrors = false) { 45 | return new Promise((res, rej) => { > 46 | (0, child_process_1.exec)(command, { cwd, env: { ...process.env, NX_DAEMON: 'false' }, windowsHide: false }, (er 47 | if (error) { 48 | if (silenceErrors) {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.4.4
3 findingsSpreading entire process.env into an object — may capture all secrets 20 | cwd, 21 | stdio: 'inherit', > 22 | env: { 23 | ...process.env, 24 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 44 | function execAndWait(command, cwd, silenceErrors = false) { 45 | return new Promise((res, rej) => { > 46 | (0, child_process_1.exec)(command, { cwd, env: { ...process.env, NX_DAEMON: 'false' }, windowsHide: false }, (er 47 | if (error) { 48 | if (silenceErrors) {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.4.3
3 findingsSpreading entire process.env into an object — may capture all secrets 20 | cwd, 21 | stdio: 'inherit', > 22 | env: { 23 | ...process.env, 24 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 44 | function execAndWait(command, cwd, silenceErrors = false) { 45 | return new Promise((res, rej) => { > 46 | (0, child_process_1.exec)(command, { cwd, env: { ...process.env, NX_DAEMON: 'false' }, windowsHide: false }, (er 47 | if (error) { 48 | if (silenceErrors) {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.4.2
3 findingsSpreading entire process.env into an object — may capture all secrets 20 | cwd, 21 | stdio: 'inherit', > 22 | env: { 23 | ...process.env, 24 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 44 | function execAndWait(command, cwd, silenceErrors = false) { 45 | return new Promise((res, rej) => { > 46 | (0, child_process_1.exec)(command, { cwd, env: { ...process.env, NX_DAEMON: 'false' }, windowsHide: false }, (er 47 | if (error) { 48 | if (silenceErrors) {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.4.1
3 findingsSpreading entire process.env into an object — may capture all secrets 20 | cwd, 21 | stdio: 'inherit', > 22 | env: { 23 | ...process.env, 24 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 44 | function execAndWait(command, cwd, silenceErrors = false) { 45 | return new Promise((res, rej) => { > 46 | (0, child_process_1.exec)(command, { cwd, env: { ...process.env, NX_DAEMON: 'false' }, windowsHide: false }, (er 47 | if (error) { 48 | if (silenceErrors) {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.4.0
3 findingsSpreading entire process.env into an object — may capture all secrets 20 | cwd, 21 | stdio: 'inherit', > 22 | env: { 23 | ...process.env, 24 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 44 | function execAndWait(command, cwd, silenceErrors = false) { 45 | return new Promise((res, rej) => { > 46 | (0, child_process_1.exec)(command, { cwd, env: { ...process.env, NX_DAEMON: 'false' }, windowsHide: false }, (er 47 | if (error) { 48 | if (silenceErrors) {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.3.3
3 findingsSpreading entire process.env into an object — may capture all secrets 20 | cwd, 21 | stdio: 'inherit', > 22 | env: { 23 | ...process.env, 24 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 44 | function execAndWait(command, cwd, silenceErrors = false) { 45 | return new Promise((res, rej) => { > 46 | (0, child_process_1.exec)(command, { cwd, env: { ...process.env, NX_DAEMON: 'false' }, windowsHide: false }, (er 47 | if (error) { 48 | if (silenceErrors) {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.3.2
3 findingsSpreading entire process.env into an object — may capture all secrets 20 | cwd, 21 | stdio: 'inherit', > 22 | env: { 23 | ...process.env, 24 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 44 | function execAndWait(command, cwd, silenceErrors = false) { 45 | return new Promise((res, rej) => { > 46 | (0, child_process_1.exec)(command, { cwd, env: { ...process.env, NX_DAEMON: 'false' }, windowsHide: false }, (er 47 | if (error) { 48 | if (silenceErrors) {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.3.1
3 findingsSpreading entire process.env into an object — may capture all secrets 20 | cwd, 21 | stdio: 'inherit', > 22 | env: { 23 | ...process.env, 24 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 44 | function execAndWait(command, cwd, silenceErrors = false) { 45 | return new Promise((res, rej) => { > 46 | (0, child_process_1.exec)(command, { cwd, env: { ...process.env, NX_DAEMON: 'false' }, windowsHide: false }, (er 47 | if (error) { 48 | if (silenceErrors) {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.3.0
3 findingsSpreading entire process.env into an object — may capture all secrets 20 | cwd, 21 | stdio: 'inherit', > 22 | env: { 23 | ...process.env, 24 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 44 | function execAndWait(command, cwd, silenceErrors = false) { 45 | return new Promise((res, rej) => { > 46 | (0, child_process_1.exec)(command, { cwd, env: { ...process.env, NX_DAEMON: 'false' }, windowsHide: false }, (er 47 | if (error) { 48 | if (silenceErrors) {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.2.7
3 findingsSpreading entire process.env into an object — may capture all secrets 20 | cwd, 21 | stdio: 'inherit', > 22 | env: { 23 | ...process.env, 24 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 44 | function execAndWait(command, cwd, silenceErrors = false) { 45 | return new Promise((res, rej) => { > 46 | (0, child_process_1.exec)(command, { cwd, env: { ...process.env, NX_DAEMON: 'false' }, windowsHide: false }, (er 47 | if (error) { 48 | if (silenceErrors) {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.2.6
3 findingsSpreading entire process.env into an object — may capture all secrets 20 | cwd, 21 | stdio: 'inherit', > 22 | env: { 23 | ...process.env, 24 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 44 | function execAndWait(command, cwd, silenceErrors = false) { 45 | return new Promise((res, rej) => { > 46 | (0, child_process_1.exec)(command, { cwd, env: { ...process.env, NX_DAEMON: 'false' }, windowsHide: false }, (er 47 | if (error) { 48 | if (silenceErrors) {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.2.5
3 findingsSpreading entire process.env into an object — may capture all secrets 20 | cwd, 21 | stdio: 'inherit', > 22 | env: { 23 | ...process.env, 24 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 44 | function execAndWait(command, cwd, silenceErrors = false) { 45 | return new Promise((res, rej) => { > 46 | (0, child_process_1.exec)(command, { cwd, env: { ...process.env, NX_DAEMON: 'false' }, windowsHide: false }, (er 47 | if (error) { 48 | if (silenceErrors) {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.2.4
3 findingsSpreading entire process.env into an object — may capture all secrets 20 | cwd, 21 | stdio: 'inherit', > 22 | env: { 23 | ...process.env, 24 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 44 | function execAndWait(command, cwd, silenceErrors = false) { 45 | return new Promise((res, rej) => { > 46 | (0, child_process_1.exec)(command, { cwd, env: { ...process.env, NX_DAEMON: 'false' }, windowsHide: false }, (er 47 | if (error) { 48 | if (silenceErrors) {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.2.3
3 findingsSpreading entire process.env into an object — may capture all secrets 20 | cwd, 21 | stdio: 'inherit', > 22 | env: { 23 | ...process.env, 24 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 44 | function execAndWait(command, cwd, silenceErrors = false) { 45 | return new Promise((res, rej) => { > 46 | (0, child_process_1.exec)(command, { cwd, env: { ...process.env, NX_DAEMON: 'false' }, windowsHide: false }, (er 47 | if (error) { 48 | if (silenceErrors) {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.2.2
3 findingsSpreading entire process.env into an object — may capture all secrets 20 | cwd, 21 | stdio: 'inherit', > 22 | env: { 23 | ...process.env, 24 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 44 | function execAndWait(command, cwd, silenceErrors = false) { 45 | return new Promise((res, rej) => { > 46 | (0, child_process_1.exec)(command, { cwd, env: { ...process.env, NX_DAEMON: 'false' }, windowsHide: false }, (er 47 | if (error) { 48 | if (silenceErrors) {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.2.1
3 findingsSpreading entire process.env into an object — may capture all secrets 20 | cwd, 21 | stdio: 'inherit', > 22 | env: { 23 | ...process.env, 24 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 44 | function execAndWait(command, cwd, silenceErrors = false) { 45 | return new Promise((res, rej) => { > 46 | (0, child_process_1.exec)(command, { cwd, env: { ...process.env, NX_DAEMON: 'false' }, windowsHide: false }, (er 47 | if (error) { 48 | if (silenceErrors) {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.2.0
3 findingsSpreading entire process.env into an object — may capture all secrets 20 | cwd, 21 | stdio: 'inherit', > 22 | env: { 23 | ...process.env, 24 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 44 | function execAndWait(command, cwd, silenceErrors = false) { 45 | return new Promise((res, rej) => { > 46 | (0, child_process_1.exec)(command, { cwd, env: { ...process.env, NX_DAEMON: 'false' }, windowsHide: false }, (er 47 | if (error) { 48 | if (silenceErrors) {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.1.3
3 findingsSpreading entire process.env into an object — may capture all secrets 15 | cwd, 16 | stdio: 'inherit', > 17 | env: { 18 | ...process.env, 19 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 39 | function execAndWait(command, cwd, silenceErrors = false) { 40 | return new Promise((res, rej) => { > 41 | (0, child_process_1.exec)(command, { cwd, env: { ...process.env, NX_DAEMON: 'false' }, windowsHide: false }, (er 42 | if (error) { 43 | if (silenceErrors) {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.1.2
3 findingsSpreading entire process.env into an object — may capture all secrets 15 | cwd, 16 | stdio: 'inherit', > 17 | env: { 18 | ...process.env, 19 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 39 | function execAndWait(command, cwd, silenceErrors = false) { 40 | return new Promise((res, rej) => { > 41 | (0, child_process_1.exec)(command, { cwd, env: { ...process.env, NX_DAEMON: 'false' }, windowsHide: false }, (er 42 | if (error) { 43 | if (silenceErrors) {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.1.1
3 findingsSpreading entire process.env into an object — may capture all secrets 15 | cwd, 16 | stdio: 'inherit', > 17 | env: { 18 | ...process.env, 19 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 39 | function execAndWait(command, cwd, silenceErrors = false) { 40 | return new Promise((res, rej) => { > 41 | (0, child_process_1.exec)(command, { cwd, env: { ...process.env, NX_DAEMON: 'false' }, windowsHide: false }, (er 42 | if (error) { 43 | if (silenceErrors) {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.1.0
3 findingsSpreading entire process.env into an object — may capture all secrets 15 | cwd, 16 | stdio: 'inherit', > 17 | env: { 18 | ...process.env, 19 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 39 | function execAndWait(command, cwd, silenceErrors = false) { 40 | return new Promise((res, rej) => { > 41 | (0, child_process_1.exec)(command, { cwd, env: { ...process.env, NX_DAEMON: 'false' }, windowsHide: false }, (er 42 | if (error) { 43 | if (silenceErrors) {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.0.4
3 findingsSpreading entire process.env into an object — may capture all secrets 15 | cwd, 16 | stdio: 'inherit', > 17 | env: { 18 | ...process.env, 19 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 39 | function execAndWait(command, cwd, silenceErrors = false) { 40 | return new Promise((res, rej) => { > 41 | (0, child_process_1.exec)(command, { cwd, env: { ...process.env, NX_DAEMON: 'false' }, windowsHide: false }, (er 42 | if (error) { 43 | if (silenceErrors) {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.0.3
3 findingsSpreading entire process.env into an object — may capture all secrets 15 | cwd, 16 | stdio: 'inherit', > 17 | env: { 18 | ...process.env, 19 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 39 | function execAndWait(command, cwd, silenceErrors = false) { 40 | return new Promise((res, rej) => { > 41 | (0, child_process_1.exec)(command, { cwd, env: { ...process.env, NX_DAEMON: 'false' }, windowsHide: false }, (er 42 | if (error) { 43 | if (silenceErrors) {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.0.2
3 findingsSpreading entire process.env into an object — may capture all secrets 15 | cwd, 16 | stdio: 'inherit', > 17 | env: { 18 | ...process.env, 19 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 39 | function execAndWait(command, cwd, silenceErrors = false) { 40 | return new Promise((res, rej) => { > 41 | (0, child_process_1.exec)(command, { cwd, env: { ...process.env, NX_DAEMON: 'false' }, windowsHide: false }, (er 42 | if (error) { 43 | if (silenceErrors) {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.0.1
3 findingsSpreading entire process.env into an object — may capture all secrets 15 | cwd, 16 | stdio: 'inherit', > 17 | env: { 18 | ...process.env, 19 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 37 | function execAndWait(command, cwd, silenceErrors = false) { 38 | return new Promise((res, rej) => { > 39 | (0, child_process_1.exec)(command, { cwd, env: { ...process.env, NX_DAEMON: 'false' }, windowsHide: false }, (er 40 | if (error) { 41 | if (silenceErrors) {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.0.0
3 findingsSpreading entire process.env into an object — may capture all secrets 15 | cwd, 16 | stdio: 'inherit', > 17 | env: { 18 | ...process.env, 19 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 37 | function execAndWait(command, cwd, silenceErrors = false) { 38 | return new Promise((res, rej) => { > 39 | (0, child_process_1.exec)(command, { cwd, env: { ...process.env, NX_DAEMON: 'false' }, windowsHide: false }, (er 40 | if (error) { 41 | if (silenceErrors) {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v21.6.11
3 findingsSpreading entire process.env into an object — may capture all secrets 15 | cwd, 16 | stdio: 'inherit', > 17 | env: { 18 | ...process.env, 19 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 39 | function execAndWait(command, cwd, silenceErrors = false) { 40 | return new Promise((res, rej) => { > 41 | (0, child_process_1.exec)(command, { cwd, env: { ...process.env, NX_DAEMON: 'false' }, windowsHide: false }, (er 42 | if (error) { 43 | if (silenceErrors) {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v21.6.10
3 findingsSpreading entire process.env into an object — may capture all secrets 15 | cwd, 16 | stdio: 'inherit', > 17 | env: { 18 | ...process.env, 19 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 39 | function execAndWait(command, cwd, silenceErrors = false) { 40 | return new Promise((res, rej) => { > 41 | (0, child_process_1.exec)(command, { cwd, env: { ...process.env, NX_DAEMON: 'false' }, windowsHide: false }, (er 42 | if (error) { 43 | if (silenceErrors) {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v21.6.9
3 findingsSpreading entire process.env into an object — may capture all secrets 15 | cwd, 16 | stdio: 'inherit', > 17 | env: { 18 | ...process.env, 19 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 39 | function execAndWait(command, cwd, silenceErrors = false) { 40 | return new Promise((res, rej) => { > 41 | (0, child_process_1.exec)(command, { cwd, env: { ...process.env, NX_DAEMON: 'false' }, windowsHide: false }, (er 42 | if (error) { 43 | if (silenceErrors) {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v21.3.12
3 findingsSpreading entire process.env into an object — may capture all secrets 15 | cwd, 16 | stdio: 'inherit', > 17 | env: { 18 | ...process.env, 19 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 37 | function execAndWait(command, cwd) { 38 | return new Promise((res, rej) => { > 39 | (0, child_process_1.exec)(command, { cwd, env: { ...process.env, NX_DAEMON: 'false' }, windowsHide: false }, (er 40 | if (error) { 41 | const logFile = (0, path_1.join)(cwd, 'error.log');
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v20.8.4
4 findingsSpreading entire process.env into an object — may capture all secrets 15 | cwd, 16 | stdio: 'inherit', > 17 | env: { 18 | ...process.env, 19 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 37 | function execAndWait(command, cwd) { 38 | return new Promise((res, rej) => { > 39 | (0, child_process_1.exec)(command, { cwd, env: { ...process.env, NX_DAEMON: 'false' }, windowsHide: false }, (er 40 | if (error) { 41 | const logFile = (0, path_1.join)(cwd, 'error.log');
Spreading entire process.env into an object — may capture all secrets 25 | shell: true, 26 | cwd: directory, > 27 | env: { 28 | ...process.env, 29 | ...(options.commit?.name
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v20.8.3
4 findingsSpreading entire process.env into an object — may capture all secrets 15 | cwd, 16 | stdio: 'inherit', > 17 | env: { 18 | ...process.env, 19 | NX_DAEMON: 'false',
Spreading entire process.env into an object — may capture all secrets 37 | function execAndWait(command, cwd) { 38 | return new Promise((res, rej) => { > 39 | (0, child_process_1.exec)(command, { cwd, env: { ...process.env, NX_DAEMON: 'false' }, windowsHide: false }, (er 40 | if (error) { 41 | const logFile = (0, path_1.join)(cwd, 'error.log');
Spreading entire process.env into an object — may capture all secrets 25 | shell: true, 26 | cwd: directory, > 27 | env: { 28 | ...process.env, 29 | ...(options.commit?.name
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.