powerlines
The "framework framework" that simplifies modern dev tool usage, generates virtual (or actual) code modules, and improves DX across the board.
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@jridgewell/sourcemap-codec | AI (phantom-deps): Config-referenced dep; stable FP for this package. | ai | |
| phantom-deps | phantom-dep:locate-character | AI (phantom-deps): Config-referenced dep; stable FP for this package. | ai | |
| phantom-deps | phantom-dep:@stryke/convert | AI (phantom-deps): First-party @stryke scoped dep; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@stryke/env | AI (phantom-deps): First-party @stryke scoped dep; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:unplugin | AI (phantom-deps): Declared dep; used indirectly via @powerlines/unplugin integration layer. | ai | |
| phantom-deps | phantom-dep:defu | AI (phantom-deps): Declared in package.json deps; likely re-exported or used indirectly via sub-packages in this monorepo. | ai | |
| phantom-deps | phantom-dep:@stryke/fs | AI (phantom-deps): First-party @stryke scoped dep; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@storm-software/config-tools | AI (phantom-deps): First-party @storm-software scoped dep; stable false positive for this package. | ai | |
| source-diff | obfuscated-file:dist/plugin-utils.d.cts | AI (source-diff): File is a TypeScript declaration file with long bundled import lines, not obfuscated executable code. | ai | |
| provenance | publisher-changed | AI (provenance): Publisher changed to GitHub Actions with SLSA provenance attestation; legitimate CI/CD migration for this org. | ai | |
| phantom-deps | phantom-dep:@babel/plugin-transform-react-jsx | AI (phantom-deps): Framework-scoped Babel plugin; loaded by convention in build tools. | ai | |
| phantom-deps | phantom-dep:@babel/plugin-transform-typescript | AI (phantom-deps): Framework-scoped Babel plugin; loaded by convention in build tools. | ai | |
| phantom-deps | phantom-dep:@babel/plugin-syntax-class-properties | AI (phantom-deps): Framework-scoped Babel plugin; loaded by convention in build tools. | ai | |
| phantom-deps | phantom-dep:@babel/plugin-syntax-typescript | AI (phantom-deps): Framework-scoped Babel plugin; loaded by convention in build tools. | ai | |
| phantom-deps | phantom-dep:@babel/plugin-transform-export-namespace-from | AI (phantom-deps): Framework-scoped Babel plugin; loaded by convention in build tools. | ai | |
| phantom-deps | phantom-dep:@babel/plugin-syntax-import-assertions | AI (phantom-deps): Framework-scoped Babel plugin; loaded by convention in build tools. | ai | |
| phantom-deps | phantom-dep:@babel/plugin-syntax-jsx | AI (phantom-deps): Framework-scoped Babel plugin; loaded by convention in build tools. | ai | |
| phantom-deps | phantom-dep:@babel/preset-typescript | AI (phantom-deps): Framework-scoped Babel preset; loaded by convention in build tools. | ai | |
| phantom-deps | phantom-dep:@babel/helper-simple-access | AI (phantom-deps): Framework-scoped Babel helper; loaded by convention in build tools. | ai | |
| phantom-deps | phantom-dep:@babel/helper-module-imports | AI (phantom-deps): Framework-scoped Babel helper; loaded by convention in build tools. | ai | |
| phantom-deps | phantom-dep:@babel/helper-module-transforms | AI (phantom-deps): Framework-scoped Babel helper; loaded by convention in build tools. | ai | |
| phantom-deps | phantom-dep:@storm-software/esbuild | AI (phantom-deps): Config-referenced tool; stable pattern for this build-tool framework. | ai | |
| phantom-deps | phantom-dep:@babel/plugin-proposal-decorators | AI (phantom-deps): Framework-scoped Babel plugin; loaded by convention in build tools. | ai | |
| dependencies | unvetted-dep:@storm-software/tsup | AI (dependencies): First-party Storm Software package from the same publisher org with 233 approved packages; stable for this package. | ai | |
| phantom-deps | phantom-dep:@babel/parser | AI (phantom-deps): powerlines is a build framework that loads Babel plugins by convention; phantom Babel deps are expected and stable across versions. | ai | |
| phantom-deps | phantom-dep:@babel/template | AI (phantom-deps): Framework-scoped Babel package loaded by convention; expected for this build framework. | ai | |
| phantom-deps | phantom-dep:@babel/generator | AI (phantom-deps): Framework-scoped Babel package loaded by convention; expected for this build framework. | ai | |
| phantom-deps | phantom-dep:@alloy-js/babel-plugin | AI (phantom-deps): Config-referenced package for this build framework; phantom dep pattern is stable. | ai | |
| phantom-deps | phantom-dep:@alloy-js/babel-preset | AI (phantom-deps): Config-referenced package for this build framework; phantom dep pattern is stable. | ai | |
| phantom-deps | phantom-dep:@microsoft/tsdoc-config | AI (phantom-deps): Config-referenced package for this build framework; phantom dep pattern is stable. | ai | |
| phantom-deps | phantom-dep:@microsoft/api-extractor | AI (phantom-deps): Config-referenced package for this build framework; phantom dep pattern is stable. | ai | |
| phantom-deps | phantom-dep:@typescript-eslint/utils | AI (phantom-deps): Config-referenced package for this build framework; phantom dep pattern is stable. | ai | |
| phantom-deps | phantom-dep:nanotar | AI (phantom-deps): Config-referenced package for this build framework; phantom dep pattern is stable. | ai | |
| phantom-deps | phantom-dep:github-slugger | AI (phantom-deps): Config-referenced package for this build framework; phantom dep pattern is stable. | ai | |
| phantom-deps | phantom-dep:babel-plugin-parameter-decorator | AI (phantom-deps): Config-referenced Babel plugin for this build framework; phantom dep pattern is stable. | ai | |
| phantom-deps | phantom-dep:babel-dead-code-elimination | AI (phantom-deps): Config-referenced Babel plugin for this build framework; phantom dep pattern is stable. | ai | |
| phantom-deps | phantom-dep:@alloy-js/babel-plugin-jsx-dom-expressions | AI (phantom-deps): Config-referenced package for this build framework; phantom dep pattern is stable. | ai | |
| dependencies | unvetted-dep:@storm-software/esbuild | AI (dependencies): First-party Storm Software package from the same publisher org with 233 approved packages; stable for this package. | ai | |
| dependencies | unvetted-dep:babel-plugin-parameter-decorator | AI (dependencies): Well-known Babel plugin for TypeScript decorator support; no security concerns for this build framework. | ai | |
| dependencies | unvetted-dep:handlebars | AI (dependencies): Handlebars is a well-known templating library used legitimately in this code-generation framework. Constraint ^4.7.8 starts at a patched version past known prototype pollution CVEs. | ai | |
| phantom-deps | phantom-dep:@cacheable/memory | AI (phantom-deps): @cacheable/memory is a runtime dep used via dynamic/config-driven loading in this plugin framework; not directly imported but legitimately declared. | ai | |
| phantom-deps | phantom-dep:oxc-resolver | AI (phantom-deps): oxc-resolver is a runtime dep used via dynamic/config-driven loading in this plugin framework; not directly imported but legitimately declared. | ai | |
| phantom-deps | phantom-dep:unimport | AI (phantom-deps): unimport is a runtime dep used via dynamic/config-driven loading in this plugin framework; not directly imported but legitimately declared. | ai | |
| dependencies | unvetted-dep:@storm-software/config | AI (dependencies): @storm-software/* packages are first-party Storm Software org packages, consistent with monorepo publishing pattern. | ai | |
| dependencies | unvetted-dep:@powerlines/engine | AI (dependencies): @powerlines/* packages are first-party packages from the same Storm Software monorepo as powerlines itself. | ai | |
| dependencies | unvetted-dep:@powerlines/core | AI (dependencies): @powerlines/* packages are first-party packages from the same Storm Software monorepo as powerlines itself. | ai | |
| dependencies | unvetted-dep:@stryke/convert | AI (dependencies): @stryke/* packages are first-party Storm Software org packages, consistent with monorepo publishing pattern for this package family. | ai | |
| dependencies | unvetted-dep:@stryke/fs | AI (dependencies): @stryke/* packages are first-party Storm Software org packages, consistent with monorepo publishing pattern for this package family. | ai | |
| dependencies | unvetted-dep:@stryke/env | AI (dependencies): @stryke/* packages are first-party Storm Software org packages, consistent with monorepo publishing pattern for this package family. | ai | |
| phantom-deps | phantom-dep:@storm-software/config | AI (phantom-deps): Referenced in config files but not directly imported is expected behavior for a config package in a monorepo build tool context. | ai | |
| phantom-deps | phantom-dep:@babel/types | AI (phantom-deps): @babel/types is a well-known package loaded by convention in build tooling; phantom dep finding is expected for this type of framework package. | ai | |
| dependencies | unvetted-dep:@storm-software/config-tools | AI (dependencies): @storm-software/* packages are first-party Storm Software org packages, consistent with monorepo publishing pattern. | ai |
Versions (showing 90 of 190)
| Version | Deps | Published |
|---|---|---|
| 0.47.10 | 11 / 5 | |
| 0.47.9 | 11 / 5 | |
| 0.47.8 | 11 / 5 | |
| 0.47.7 | 11 / 5 | |
| 0.47.4 | 10 / 5 | |
| 0.47.3 | 10 / 5 | |
| 0.47.2 | 10 / 5 | |
| 0.47.1 | 10 / 5 | |
| 0.47.0 | 10 / 5 | |
| 0.46.6 | 10 / 5 | |
| 0.46.5 | 10 / 5 | |
| 0.46.4 | 10 / 5 | |
| 0.46.3 | 10 / 5 | |
| 0.46.2 | 10 / 5 | |
| 0.46.1 | 10 / 5 | |
| 0.46.0 | 10 / 5 | |
| 0.45.3 | 10 / 5 | |
| 0.45.2 | 10 / 5 | |
| 0.45.1 | 10 / 5 | |
| 0.45.0 | 10 / 5 | |
| 0.44.12 | 10 / 5 | |
| 0.44.11 | 10 / 5 | |
| 0.44.10 | 10 / 5 | |
| 0.44.9 | 10 / 5 | |
| 0.44.8 | 10 / 5 | |
| 0.44.7 | 10 / 5 | |
| 0.44.6 | 10 / 5 | |
| 0.44.5 | 10 / 5 | |
| 0.44.4 | 10 / 5 | |
| 0.44.3 | 10 / 5 | |
| 0.44.2 | 10 / 5 | |
| 0.44.1 | 10 / 5 | |
| 0.44.0 | 10 / 5 | |
| 0.43.31 | 10 / 5 | |
| 0.43.30 | 10 / 5 | |
| 0.43.29 | 10 / 5 | |
| 0.43.28 | 10 / 5 | |
| 0.43.27 | 10 / 5 | |
| 0.43.26 | 10 / 5 | |
| 0.43.25 | 10 / 5 | |
| 0.43.24 | 10 / 5 | |
| 0.43.23 | 10 / 5 | |
| 0.43.22 | 10 / 5 | |
| 0.43.21 | 10 / 5 | |
| 0.43.20 | 10 / 5 | |
| 0.43.19 | 10 / 5 | |
| 0.43.18 | 10 / 5 | |
| 0.43.17 | 10 / 5 | |
| 0.43.16 | 10 / 5 | |
| 0.43.15 | 10 / 5 | |
| 0.43.14 | 10 / 5 | |
| 0.43.13 | 10 / 5 | |
| 0.43.12 | 10 / 5 | |
| 0.43.11 | 10 / 5 | |
| 0.43.10 | 10 / 5 | |
| 0.43.9 | 10 / 5 | |
| 0.43.8 | 10 / 5 | |
| 0.43.7 | 10 / 5 | |
| 0.43.5 | 10 / 5 | |
| 0.43.4 | 10 / 5 | |
| 0.43.3 | 10 / 5 | |
| 0.43.2 | 10 / 5 | |
| 0.43.1 | 10 / 5 | |
| 0.43.0 | 10 / 5 | |
| 0.42.41 | 32 / 7 | |
| 0.42.39 | 32 / 7 | |
| 0.42.36 | 32 / 7 | |
| 0.42.34 | 31 / 7 | |
| 0.42.28 | 29 / 19 | |
| 0.42.27 | 29 / 19 | |
| 0.42.23 | 29 / 19 | |
| 0.42.22 | 29 / 19 | |
| 0.42.21 | 29 / 19 | |
| 0.42.20 | 29 / 19 | |
| 0.42.18 | 29 / 19 | |
| 0.42.16 | 29 / 19 | |
| 0.42.6 | 29 / 19 | |
| 0.41.20 | 29 / 19 | |
| 0.39.12 | 28 / 19 | |
| 0.39.4 | 27 / 19 | |
| 0.37.10 | 72 / 19 | |
| 0.36.15 | 71 / 17 | |
| 0.36.14 | 71 / 17 | |
| 0.36.6 | 71 / 17 | |
| 0.34.8 | 71 / 17 | |
| 0.34.2 | 71 / 17 | |
| 0.15.0 | 67 / 16 | |
| 0.14.5 | 10 / 5 | |
| 0.14.4 | 10 / 5 | |
| 0.14.1 | 67 / 16 |
v0.47.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.47.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.47.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.47.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.47.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.47.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.47.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.47.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.47.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.46.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.46.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.46.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.46.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.46.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.46.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.46.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.45.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.45.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.45.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.45.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.31
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.30
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.29
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.28
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.27
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.26
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.25
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.24
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.23
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.22
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.21
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.20
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.19
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.18
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.17
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.16
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.15
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.14
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.13
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.12
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.11
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.42.41
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.42.39
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.42.36
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.42.34
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.42.28
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.42.27
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.42.23
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.42.22
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.42.21
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.42.20
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.42.18
2 findingsThis version was published by a different npm account than previous versions on 2026-03-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.42.16
2 findingsThis version was published by a different npm account than previous versions on 2026-03-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.42.6
2 findingsThis version was published by a different npm account than previous versions on 2026-03-19. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.41.20
2 findingsThis version was published by a different npm account than previous versions on 2026-03-16. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.39.12
3 findingsThis version was published by a different npm account than previous versions on 2026-03-01. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.39.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.37.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.36.15
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.36.14
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.36.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.34.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.34.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.15.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.14.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.14.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.14.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.