lingo.dev
Lingo.dev CLI
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:p-limit | AI (phantom-deps): Declared and used via dynamic plugin loaders; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:remark-disable-tokenizers | AI (phantom-deps): Declared and used via dynamic plugin loaders; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:mdast-util-from-markdown | AI (phantom-deps): Declared and used via dynamic plugin loaders; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:dedent | AI (phantom-deps): Declared and used via dynamic plugin loaders; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:micromark-extension-gfm | AI (phantom-deps): Declared and used via dynamic plugin loaders; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:remark-mdx-frontmatter | AI (phantom-deps): Declared and used via dynamic plugin loaders; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:remark-frontmatter | AI (phantom-deps): Stable false positive; dynamically loaded by this CLI's plugin/format system. | ai | |
| phantom-deps | phantom-dep:@paralleldrive/cuid2 | AI (phantom-deps): Stable false positive; dynamically loaded by this CLI's plugin/format system. | ai | |
| phantom-deps | phantom-dep:remark-stringify | AI (phantom-deps): Stable false positive; dynamically loaded by this CLI's plugin/format system. | ai | |
| phantom-deps | phantom-dep:unist-util-visit | AI (phantom-deps): Stable false positive; dynamically loaded by this CLI's plugin/format system. | ai | |
| phantom-deps | phantom-dep:@biomejs/wasm-nodejs | AI (phantom-deps): Stable false positive; dynamically loaded by this CLI's plugin/format system. | ai | |
| phantom-deps | phantom-dep:remark-gfm | AI (phantom-deps): Optional remark plugin loaded by convention. | ai | |
| phantom-deps | phantom-dep:remark-mdx | AI (phantom-deps): Optional remark plugin loaded by convention. | ai | |
| phantom-deps | phantom-dep:ink-spinner | AI (phantom-deps): Optional CLI UI component loaded by convention. | ai | |
| phantom-deps | phantom-dep:cli-progress | AI (phantom-deps): Optional CLI UI component loaded by convention. | ai | |
| phantom-deps | phantom-dep:remark-parse | AI (phantom-deps): Optional remark plugin loaded by convention. | ai | |
| phantom-deps | phantom-dep:remark-rehype | AI (phantom-deps): Optional remark plugin loaded by convention. | ai | |
| phantom-deps | phantom-dep:mdast-util-gfm | AI (phantom-deps): Optional mdast utility loaded by convention. | ai | |
| phantom-deps | phantom-dep:ink-progress-bar | AI (phantom-deps): Optional CLI UI component loaded by convention. | ai | |
| phantom-deps | phantom-dep:rehype-stringify | AI (phantom-deps): Optional rehype plugin loaded by convention. | ai | |
| phantom-deps | phantom-dep:marked | AI (phantom-deps): Optional format handler loaded by convention in this large CLI tool. | ai | |
| dependencies | unvetted-dep:@lingo.dev/_sdk | AI (dependencies): First-party scoped package from same org; stable pattern across versions. | ai | |
| dependencies | unvetted-dep:@lingo.dev/_spec | AI (dependencies): First-party scoped package from same org; stable pattern across versions. | ai | |
| dependencies | unvetted-dep:@lingo.dev/_react | AI (dependencies): First-party scoped package from same org; stable pattern across versions. | ai | |
| dependencies | unvetted-dep:@lingo.dev/_locales | AI (dependencies): First-party scoped package from same org; stable pattern across versions. | ai | |
| dependencies | unvetted-dep:@lingo.dev/_compiler | AI (dependencies): First-party scoped package from same org; stable pattern across versions. | ai | |
| phantom-deps | phantom-dep:vfile | AI (phantom-deps): Optional format handler loaded by convention in this large CLI tool. | ai | |
| phantom-deps | phantom-dep:xpath | AI (phantom-deps): Optional format handler loaded by convention in this large CLI tool. | ai | |
| phantom-deps | phantom-dep:unified | AI (phantom-deps): Optional format handler loaded by convention in this large CLI tool. | ai | |
| phantom-deps | phantom-dep:@inkjs/ui | AI (phantom-deps): Optional UI component loaded by convention in this CLI tool. | ai | |
| phantom-deps | phantom-dep:@types/ejs | AI (phantom-deps): Type-only package, framework-scoped; stable false positive. | ai | |
| phantom-deps | phantom-dep:ejs | AI (phantom-deps): Bundled CLI; deps loaded dynamically by format handlers, not via direct top-level imports. | ai | |
| phantom-deps | phantom-dep:posthog-node | AI (phantom-deps): Analytics loaded indirectly in bundled CLI. | ai | |
| phantom-deps | phantom-dep:xliff | AI (phantom-deps): Format handler loaded dynamically in bundled CLI. | ai | |
| phantom-deps | phantom-dep:react | AI (phantom-deps): Bundled CLI with React-based ink UI; loaded indirectly. | ai | |
| phantom-deps | phantom-dep:sax | AI (phantom-deps): Bundled CLI; format-specific parser loaded indirectly. | ai | |
| phantom-deps | phantom-dep:ink | AI (phantom-deps): Bundled CLI; ink used via compiled output, not direct import. | ai |
Versions (showing 51 of 246)
| Version | Deps | Published |
|---|---|---|
| 0.136.4 | 98 / 21 | |
| 0.136.3 | 98 / 21 | |
| 0.136.2 | 98 / 21 | |
| 0.136.1 | 98 / 21 | |
| 0.136.0 | 98 / 21 | |
| 0.135.1 | 98 / 21 | |
| 0.135.0 | 98 / 21 | |
| 0.134.0 | 97 / 21 | |
| 0.133.12 | 99 / 23 | |
| 0.133.11 | 99 / 23 | |
| 0.133.9 | 99 / 23 | |
| 0.133.8 | 99 / 23 | |
| 0.133.7 | 99 / 23 | |
| 0.133.6 | 99 / 23 | |
| 0.133.5 | 99 / 23 | |
| 0.133.4 | 99 / 23 | |
| 0.133.3 | 99 / 23 | |
| 0.133.2 | 99 / 23 | |
| 0.133.1 | 99 / 23 | |
| 0.133.0 | 99 / 23 | |
| 0.132.10 | 99 / 23 | |
| 0.132.9 | 99 / 23 | |
| 0.132.8 | 99 / 23 | |
| 0.132.7 | 99 / 23 | |
| 0.132.6 | 99 / 23 | |
| 0.132.5 | 99 / 23 | |
| 0.132.4 | 99 / 23 | |
| 0.132.3 | 99 / 23 | |
| 0.132.2 | 99 / 23 | |
| 0.132.0 | 99 / 23 | |
| 0.131.7 | 99 / 23 | |
| 0.131.6 | 99 / 23 | |
| 0.131.5 | 99 / 23 | |
| 0.131.4 | 99 / 23 | |
| 0.131.3 | 99 / 23 | |
| 0.131.2 | 99 / 23 | |
| 0.131.1 | 99 / 23 | |
| 0.131.0 | 99 / 23 | |
| 0.130.2 | 99 / 23 | |
| 0.130.1 | 99 / 23 | |
| 0.130.0 | 99 / 23 | |
| 0.129.0 | 99 / 23 | |
| 0.128.0 | 99 / 23 | |
| 0.127.0 | 99 / 23 | |
| 0.126.1 | 99 / 23 | |
| 0.126.0 | 99 / 23 | |
| 0.125.5 | 99 / 23 | |
| 0.125.4 | 99 / 23 | |
| 0.125.3 | 99 / 23 | |
| 0.125.2 | 99 / 23 | |
| 0.125.1 | 99 / 23 |
v0.136.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.136.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.136.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.136.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.136.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.135.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.135.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.134.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.133.12
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.133.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.133.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.133.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.133.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.133.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.133.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.133.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.133.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.133.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.133.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.132.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.132.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.132.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.132.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.132.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.132.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.132.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.132.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.132.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.132.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.131.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.131.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.131.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.131.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.131.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.131.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.131.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.131.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.130.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.130.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.130.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.129.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.128.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.127.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.126.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.126.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.125.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.125.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.125.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.125.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.125.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.