wrangler No license 2 versions

wrangler

npm Repository Homepage

Versions

—

License

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

wrangler-publisher

Keywords

assemblyclicloudflarecloudflare workerscomputeedgeemscriptengraphqlhttprouterrustserverlessserverless applicationserverless moduletypescriptwasmwebwebassemblyworkerswrangler

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
semgrep	semgrep:child-process-import	AI (semgrep): CLI tool; child_process spawn in bin/wrangler.js is expected and documented behavior.	ai	2026/04/29
phantom-deps	phantom-dep:unenv	AI (phantom-deps): Known implicit runtime dependency for Cloudflare Workers environment emulation.	ai	2026/04/29
phantom-deps	phantom-dep:workerd	AI (phantom-deps): Known implicit binary dependency; workerd is the Cloudflare Workers runtime used by wrangler.	ai	2026/04/29
phantom-deps	phantom-dep:blake3-wasm	AI (phantom-deps): Platform-specific binary package; phantom-dep false positive for this package.	ai	2026/04/29
phantom-deps	phantom-dep:@cloudflare/unenv-preset	AI (phantom-deps): Framework-scoped Cloudflare package loaded by convention; stable false positive.	ai	2026/04/29

Versions (showing 2 of 2)

Version	Deps	Published
4.86.0	8 / 92	2026-04-28
4.85.0	8 / 92	2026-04-24

v4.86.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.85.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.