oclif
oclif: create your own CLI
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:env-spread | AI (semgrep): Standard pattern passing env to child process with NODE_ENV override; benign for this CLI tool. | ai | |
| semgrep | semgrep:dynamic-require | AI (semgrep): Loads resolved @oclif/plugin-legacy path; stable plugin-compat pattern across versions. | ai | |
| phantom-deps | phantom-dep:@oclif/plugin-help | AI (phantom-deps): Referenced as oclif plugin in config, not a direct import; expected pattern. | ai | |
| phantom-deps | phantom-dep:@oclif/plugin-not-found | AI (phantom-deps): Referenced as oclif plugin in config, not a direct import; expected pattern. | ai | |
| phantom-deps | phantom-dep:@oclif/plugin-warn-if-update-available | AI (phantom-deps): Referenced as oclif plugin in config, not a direct import; expected pattern. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-perfectionist | AI (phantom-deps): ESLint plugin referenced in config files; standard pattern for linting deps. | ai |
Versions (showing 100 of 116)
| Version | Deps | Published |
|---|---|---|
| 4.22.98 | 24 / 34 | |
| 4.22.97 | 24 / 34 | |
| 4.22.96 | 24 / 34 | |
| 4.22.95 | 24 / 34 | |
| 4.22.94 | 24 / 34 | |
| 4.22.93 | 24 / 34 | |
| 4.22.92 | 24 / 34 | |
| 4.22.91 | 24 / 34 | |
| 4.22.90 | 24 / 34 | |
| 4.22.89 | 24 / 34 | |
| 4.22.88 | 24 / 34 | |
| 4.22.87 | 24 / 34 | |
| 4.22.86 | 24 / 34 | |
| 4.22.85 | 24 / 34 | |
| 4.22.84 | 24 / 34 | |
| 4.22.83 | 24 / 34 | |
| 4.22.82 | 24 / 34 | |
| 4.22.81 | 24 / 34 | |
| 4.22.80 | 24 / 34 | |
| 4.22.79 | 24 / 34 | |
| 4.22.78 | 24 / 34 | |
| 4.22.77 | 24 / 34 | |
| 4.22.76 | 24 / 34 | |
| 4.22.75 | 24 / 34 | |
| 4.22.74 | 24 / 34 | |
| 4.22.73 | 24 / 34 | |
| 4.22.72 | 24 / 34 | |
| 4.22.71 | 24 / 34 | |
| 4.22.70 | 24 / 34 | |
| 4.22.69 | 24 / 34 | |
| 4.22.68 | 24 / 34 | |
| 4.22.67 | 24 / 34 | |
| 4.22.66 | 24 / 34 | |
| 4.22.65 | 24 / 34 | |
| 4.22.64 | 24 / 34 | |
| 4.22.63 | 24 / 34 | |
| 4.22.62 | 24 / 34 | |
| 4.22.61 | 24 / 34 | |
| 4.22.60 | 24 / 34 | |
| 4.22.59 | 24 / 34 | |
| 4.22.58 | 24 / 34 | |
| 4.22.57 | 24 / 34 | |
| 4.22.56 | 24 / 34 | |
| 4.22.55 | 24 / 34 | |
| 4.22.54 | 24 / 34 | |
| 4.22.53 | 24 / 34 | |
| 4.22.52 | 24 / 34 | |
| 4.22.51 | 24 / 34 | |
| 4.22.50 | 24 / 34 | |
| 4.22.49 | 24 / 34 | |
| 4.22.48 | 24 / 34 | |
| 4.22.47 | 24 / 34 | |
| 4.22.46 | 24 / 34 | |
| 4.22.45 | 24 / 34 | |
| 4.22.44 | 24 / 34 | |
| 4.22.43 | 24 / 34 | |
| 4.22.42 | 24 / 34 | |
| 4.22.41 | 24 / 34 | |
| 4.22.40 | 24 / 34 | |
| 4.22.39 | 24 / 34 | |
| 4.22.38 | 24 / 34 | |
| 4.22.37 | 24 / 34 | |
| 4.22.36 | 24 / 34 | |
| 4.22.35 | 24 / 34 | |
| 4.22.32 | 24 / 34 | |
| 4.22.31 | 24 / 34 | |
| 4.22.30 | 24 / 34 | |
| 4.22.29 | 24 / 34 | |
| 4.22.28 | 24 / 34 | |
| 4.22.27 | 24 / 34 | |
| 4.22.26 | 24 / 34 | |
| 4.22.25 | 24 / 34 | |
| 4.22.24 | 24 / 34 | |
| 4.22.23 | 24 / 34 | |
| 4.22.22 | 24 / 34 | |
| 4.22.21 | 24 / 34 | |
| 4.22.20 | 24 / 34 | |
| 4.22.19 | 24 / 34 | |
| 4.22.18 | 24 / 34 | |
| 4.22.17 | 24 / 34 | |
| 4.22.16 | 24 / 34 | |
| 4.22.15 | 24 / 34 | |
| 4.22.14 | 24 / 34 | |
| 4.22.13 | 24 / 34 | |
| 4.22.12 | 24 / 34 | |
| 4.22.11 | 24 / 34 | |
| 4.22.10 | 24 / 34 | |
| 4.22.9 | 24 / 34 | |
| 4.22.8 | 24 / 34 | |
| 4.22.7 | 24 / 34 | |
| 4.22.6 | 24 / 34 | |
| 4.22.5 | 24 / 34 | |
| 4.22.4 | 24 / 34 | |
| 4.22.3 | 24 / 34 | |
| 4.22.2 | 24 / 34 | |
| 4.22.1 | 24 / 34 | |
| 4.22.0 | 24 / 34 | |
| 4.21.2 | 24 / 34 | |
| 4.21.1 | 24 / 34 | |
| 4.21.0 | 24 / 34 |
v4.22.98
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/f1b5bc504e6083a3eea717d549544bd9c0953e64/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.97
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/52ed6d11f9389162cf055f272e3b27e3dfcefab8/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.96
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/86027e08736cda0c3d47fec3ff68ac08b59b1438/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.95
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/62400a793e193d6b2a68a4af890bc653c8fabd2e/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.94
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/8d7fc88bc85bd86dcc1c8978bdbe5e03db201523/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.93
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/6ea10947f80b0a264b14baa15f2945cc70c9369d/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.92
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/9d9c29ad3c2b03eb0170399fb1095fb5b3c2d352/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.91
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/35cac185b9401ee640490b23fcb799290ee7e888/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.90
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/a10a70cb4000f723ea27e76fd4eb8cf62240bd25/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.89
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/36ce1e4f4669e271b05c3221f6eb459555478950/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.88
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/220155aab4413aa7ab51150341784756abf6c891/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.87
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/d1709f81683ee2ce7c054fdb9cacfd5ae95401bf/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.86
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/22a5a4178fcabaea77ddf49661cc20a892a8cbf4/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.85
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/7614199e5ad291baea90f0efe5c289a754f7aa2f/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.84
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/61828030f5ed01d82bad0f3701f31be18d296565/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.83
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/a7984068f63fa5bee47d26ad4d4ee0e3579b8502/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.82
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/e5b9c5529bf91ce9fc38eae469f218558948eb8b/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.81
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/83cb53c09a9520592cecd8a5146db1fb8b5ac251/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.80
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/85e5ee2116b83436fdc585c33744484f4d4b9c94/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.79
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/f1398b37b508b5d5def75d0fae880ff03d4f8faa/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.78
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/c277a8f111c1597989665a02fffd067509b4e8f7/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.77
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/2e2c0ad3daca19b3457163ad5d587ce0dc2cc2f2/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.76
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/d325e3f57ed54ee9e18596be9a39cdefc9a89986/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.75
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/0011a1211cd2fc27ba674bad2d93173ca441436e/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.74
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/a74383c08358a20c609bd4f7349a651d671524d6/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.73
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/5a1b2536665602ab0e97d21db32432fa12feb40e/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.72
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/fc4a60a693706a25b4e92a7e4fb14733fef6dba8/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.71
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/b84f7d9266677645d860df9327e13aadb75a1a3d/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.70
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/8db10034197079f60a952471599397932d302a23/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.69
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/56548b3fbcd0c8f86ea2f0356c586d6b99ace418/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.68
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/d8d27e7bd7bab022b180191b4d3966aa12bfd33e/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.67
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/c4fe85407f7ac88f43ef07bea2b0084c114e91de/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.66
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/595ad1637a2d8664cfff2f95ff1ffc5f95f29e15/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.65
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/21d5d412034a9df9558840f6b7d14ba630df2e99/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.64
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/4615e054d6a0786f34257573f4f37c471244218a/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.63
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/28f02b7f22fd534cbf2e7c3261a3409245d54e62/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.62
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/9f364c6e215aff35a9133b17640c93ef6ba163f4/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.61
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/38214bf8e2c2bbc2992dd1d124ec01308d117a6d/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.60
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/91e359bcf58f9e0190c41a320564e30ea1f2fc1d/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.59
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/32c310ed5763476fa787bc2f9fdec434e1f312f3/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.58
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/aa45d97c054034cda66a920d959c3922a1ca4c3a/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.57
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/4eadb2ee8243a5d109f0b7acfb4531223c994285/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.56
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/929887885775211fd59a2e2553f7b25d72c69997/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.55
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/8174ae1a0c9f63a22c6ac60fe8bfe26016cf5c76/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.54
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/e37712f726ed36b08080a35ccc61ff8bbb44e9a0/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.53
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/d360e0122a4e61193d7005ced515bae845b90742/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.52
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/54065c68b19cd842bfbdeb7ee0ac8884975fb0a8/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.51
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/4abc123baffb9ac342f0eeea221d749881c97c3f/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.50
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/b3cd26a86ce0704035daed6f887cd8e277d5ff24/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.49
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/307978e110114bfce56c9334dbbcc35f9f655762/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.48
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/176e93ae77901839cd685ef7aeee6de9844f0b49/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.47
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/49418fefa60973e1b4f5ff15532557bdcf31da0a/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.46
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/d5a99e5902a7a45dbe4bdac7bc30ff9aa3a440e3/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.45
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/d99d58025a61fee5819c40dcbb5690f9d52c781f/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.44
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/2d23eb227699a960ed5e0e92c2385052fb35a8eb/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.43
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/a6ab364b68960bbc730707f2c50aefb340c035cc/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.42
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/7fa89b2935b57029a5bf4705a8a4995edf9fc121/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.41
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/7ccce6e8728c6e229ca3f1ca69f90f8cf3e6dbd9/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.40
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/a1e88cf71cd8c7fb2b07c870bac3ab787bc7f29b/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.39
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/c527611271856d1fa08b22b7d101e0cccef12e14/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.38
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/1b03a90ad0130e1c5378d9a5ab109c2da0ff8d39/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.37
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/9a2e162abad84291759e0d983aa24eee2b7e490f/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.36
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/9316018735625f3839e5ffafabe715f8127a13ae/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.35
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/96b83a280fcde42d049ed67cb5e877547bfd9f97/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.32
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/216edd12a69bff91ebf5d217b9f06b5ae271098b/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.31
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/4badd3cfdf858abe08d5340cbf6b211f52f75ada/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.30
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/0b4be72ab3bff7faf136cd4e86143db7d94fac10/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.29
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/97522827b90a8d81f3a1e45cbcd75f78ed3ac408/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.28
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/b9ff93eb974ffd98a62d54c7f7b2f3e5185af355/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.27
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/d9520fd2e0347e531acdae75a91853d69f1e4dc0/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.26
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/7442c809bd042e26af20b6fb9288dc238eb1a492/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.25
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/d5a63d91ddb47b4538620ea1988f5696adfc554d/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.24
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/f9d5ce2d640e92502cf716efd28770d0a7495a58/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.23
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/1ff1df75be8577c6e253ef0e5326062e8d397057/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.22
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/a9ce39fe8ac18c837a9939eee8a6e3075ac2bf71/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.21
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/c9cc55de24ac3c6fea28f158d424e51fdc039c50/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.20
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/60a046960a1e56a9af13165fc144d297731d15bf/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.19
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/81f5f4fa7f9338e9cff5e8f1cce8b33e20754f82/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.18
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/428abfac49a23c6835d604d6747ac86dfac0d42d/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.17
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/de648717dc11edd4259f9eee39886b34362485e5/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.16
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/d6fec7210e228ccfaf6121280eee5ce955cd7c18/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.15
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/daf4f4a1873970bfcba33a0fe5b5e4491d86927e/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.14
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/1f1264a6b5c6a7b3bc302a41a6b4cbf00beb292f/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.13
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/b297bd334e1e7325bca7ec7a023fdcc41bf8faf1/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.12
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/a6ef9f13e3644f8e75a6f645217dd0ed878b6bea/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.11
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/a7b5c4153eb51334283b57bbf770e7e068f7b96c/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.10
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/ffa27d1e87ba8c9e88e57b7df334adf61b98e52e/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.9
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/7f6f0a8f06904126b3216088536718d20907e4a3/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.8
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/fb469c3d2c799d499f2e68df3f66cd9138b7f8e7/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.7
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/1acdba249428ae4cb2f93807f1eeb9d47ae1b85b/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.6
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/8f5714f70e8f6dadf55666fc61aa7df9d6008fd0/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.5
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/fa973d0b1760dc5ba45dd3c174471c7cd4efcd71/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.4
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/1dc891bfb08c3fb328fc339a595e8c83a664cc46/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.3
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/91f85e3dac0a509e4dcb12991e0bb6d3f16dde44/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.2
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/c4e01c81e952ddd12e53b1ead0e4db24ab999b20/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.1
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/949faa7d4713af9ca8784899ad358292639c79c7/lib/commands/generate.js#L241 239 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 240 | // in that scenario. > 241 | env: { ...process.env, NODE_ENV: 'production' }, 242 | silent: false, 243 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.22.0
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/f834b96c633507b73b91f703e03ac21390f22309/lib/commands/generate.js#L240 238 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 239 | // in that scenario. > 240 | env: { ...process.env, NODE_ENV: 'production' }, 241 | silent: false, 242 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.21.2
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/60f38138692f1f147ce77cbb54ba194a1b028547/lib/commands/generate.js#L240 238 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 239 | // in that scenario. > 240 | env: { ...process.env, NODE_ENV: 'production' }, 241 | silent: false, 242 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.21.1
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/990daa9fb0628b4dfd7e163d8ed3e4dadc68e52c/lib/commands/generate.js#L240 238 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 239 | // in that scenario. > 240 | env: { ...process.env, NODE_ENV: 'production' }, 241 | silent: false, 242 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.21.0
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/oclif/oclif/blob/516921b35e2680d9782db855a22cf541f8d99562/lib/commands/generate.js#L240 238 | // doesn't affect the behavior of the command in production since the NODE_ENV is already set to product 239 | // in that scenario. > 240 | env: { ...process.env, NODE_ENV: 'production' }, 241 | silent: false, 242 | });
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.