@agent-scope/site
Static HTML gallery generator for Scope — reads .reactscope/ output and produces a component gallery website
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| typosquat | typosquat.levenshtein:vite | AI (typosquat): Scoped package @agent-scope/site; 'site' vs 'vite' is coincidental, not impersonation. | ai |
Versions (showing 46 of 46)
| Version | Deps | Published |
|---|---|---|
| 1.25.3 | 0 / 4 | |
| 1.25.2 | 0 / 4 | |
| 1.25.1 | 0 / 4 | |
| 1.25.0 | 0 / 4 | |
| 1.24.0 | 0 / 4 | |
| 1.23.0 | 0 / 4 | |
| 1.22.0 | 0 / 4 | |
| 1.21.11 | 0 / 4 | |
| 1.21.10 | 0 / 4 | |
| 1.21.9 | 0 / 4 | |
| 1.21.8 | 0 / 4 | |
| 1.21.7 | 0 / 4 | |
| 1.21.6 | 0 / 4 | |
| 1.21.5 | 0 / 4 | |
| 1.21.4 | 0 / 4 | |
| 1.21.3 | 0 / 4 | |
| 1.21.2 | 0 / 4 | |
| 1.21.1 | 0 / 4 | |
| 1.21.0 | 0 / 4 | |
| 1.20.19 | 0 / 4 | |
| 1.20.18 | 0 / 4 | |
| 1.20.17 | 0 / 4 | |
| 1.20.16 | 0 / 4 | |
| 1.20.15 | 0 / 4 | |
| 1.20.14 | 0 / 4 | |
| 1.20.13 | 0 / 4 | |
| 1.20.12 | 0 / 4 | |
| 1.20.11 | 0 / 4 | |
| 1.20.10 | 0 / 4 | |
| 1.20.9 | 0 / 4 | |
| 1.20.8 | 0 / 4 | |
| 1.20.7 | 0 / 4 | |
| 1.20.6 | 0 / 4 | |
| 1.20.5 | 0 / 4 | |
| 1.20.4 | 0 / 4 | |
| 1.20.3 | 0 / 4 | |
| 1.20.2 | 0 / 4 | |
| 1.20.1 | 0 / 4 | |
| 1.20.0 | 0 / 4 | |
| 1.19.0 | 0 / 4 | |
| 1.18.1 | 0 / 4 | |
| 1.18.0 | 0 / 4 | |
| 1.17.3 | 0 / 4 | |
| 1.17.2 | 0 / 4 | |
| 1.17.1 | 0 / 4 | |
| 1.17.0 | 0 / 4 |
v1.25.3
2 findingsPackage name '@agent-scope/site' is 1 edit(s) away from popular package 'vite'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.25.2
2 findingsPackage name '@agent-scope/site' is 1 edit(s) away from popular package 'vite'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.25.1
2 findingsPackage name '@agent-scope/site' is 1 edit(s) away from popular package 'vite'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.25.0
2 findingsPackage name '@agent-scope/site' is 1 edit(s) away from popular package 'vite'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.24.0
2 findingsPackage name '@agent-scope/site' is 1 edit(s) away from popular package 'vite'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.23.0
2 findingsPackage name '@agent-scope/site' is 1 edit(s) away from popular package 'vite'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.22.0
2 findingsPackage name '@agent-scope/site' is 1 edit(s) away from popular package 'vite'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.21.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.21.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.21.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.21.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.21.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.21.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.21.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.21.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.21.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.21.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.21.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.21.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.20.19
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.20.18
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.20.17
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.20.16
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.20.15
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.20.14
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.20.13
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.20.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.20.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.20.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.20.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.20.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.20.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.20.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.20.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.20.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.20.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.20.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.20.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.20.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.19.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.18.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.18.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.17.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.17.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.17.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.17.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.