inngest-cli SEE LICENSE IN LICENSE.md 4 versions

inngest-cli

The leading workflow orchestration platform. Run stateful step functions and AI workflows on serverless, servers, or the edge.

Versions

SEE LICENSE IN LICENSE.md

License

Yes

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

djfarrellyjpwilliamsinngest-release-bot

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
install-scripts	install-script:postinstall	AI (install-scripts): Documented binary-fetch postinstall for CLI tool; stable pattern across all versions of this package.	ai	2026/05/25
bogus-package	bogus-package	AI (bogus-package): CLI wrapper package; README link dump and missing keywords are expected for this type of package.	ai	2026/05/25

2 findings

HIGH Package has 'postinstall' script install-scripts

Script: node postinstall.js

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

2 findings

HIGH Package has 'postinstall' script install-scripts

Script: node postinstall.js

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

2 findings

HIGH Package has 'postinstall' script install-scripts

Script: node postinstall.js

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

2 findings

HIGH Package has 'postinstall' script install-scripts

Script: node postinstall.js

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.