ttsc
General-purpose TypeScript-Go compiler, plugin host, and runtime.
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:env-spread | AI (semgrep): Compiler wrapper merging process.env for child process spawning; expected pattern for this tool. | ai | |
| semgrep | semgrep:dynamic-require | AI (semgrep): Plugin loader resolving user-specified plugin modules by name; core documented feature of this package. | ai |
Versions (showing 29 of 29)
| Version | Deps | Published |
|---|---|---|
| 0.15.2 | 0 / 3 | |
| 0.15.1 | 0 / 3 | |
| 0.15.0 | 0 / 3 | |
| 0.14.2 | 0 / 3 | |
| 0.14.1 | 0 / 3 | |
| 0.14.0 | 0 / 3 | |
| 0.13.1 | 0 / 3 | |
| 0.13.0 | 0 / 3 | |
| 0.12.4 | 0 / 3 | |
| 0.12.3 | 0 / 3 | |
| 0.12.2 | 0 / 3 | |
| 0.12.1 | 0 / 3 | |
| 0.12.0 | 0 / 3 | |
| 0.10.2 | 0 / 3 | |
| 0.10.1 | 0 / 3 | |
| 0.10.0 | 0 / 3 | |
| 0.9.0 | 0 / 3 | |
| 0.8.1 | 0 / 3 | |
| 0.8.0 | 0 / 3 | |
| 0.7.3 | 0 / 3 | |
| 0.7.2 | 0 / 3 | |
| 0.7.1 | 0 / 3 | |
| 0.7.0 | 0 / 3 | |
| 0.6.0 | 0 / 3 | |
| 0.5.0 | 0 / 3 | |
| 0.4.4 | 0 / 3 | |
| 0.4.3 | 0 / 3 | |
| 0.4.2 | 0 / 3 | |
| 0.4.1 | 0 / 3 |
v0.15.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.15.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.15.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.14.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.14.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.14.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.9.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.4
3 findingsSpreading entire process.env into an object — may capture all secrets 69 | if (!extra) 70 | return process.env; > 71 | return { ...process.env, ...extra }; 72 | } 73 | function spawnBinary(binary, args, options) {
Spreading entire process.env into an object — may capture all secrets 101 | function mergeEnv(extra?: NodeJS.ProcessEnv): NodeJS.ProcessEnv { 102 | if (!extra) return process.env; > 103 | return { ...process.env, ...extra }; 104 | } 105 |
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.