@ai-sdk/svelte — Greenflagged

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

vercel-release-botmatheussmatt.straka

Keywords

aisvelte

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Transition from vercel-release-bot to GitHub Actions is a CI pipeline change within the same Vercel org, confirmed by SLSA provenance attestation.	ai	2026/05/15

Versions (showing 100 of 303)

Version	Deps	Published
4.0.198	2 / 16	2026-06-08
4.0.197	2 / 16	2026-06-04
4.0.196	2 / 16	2026-06-03
4.0.195	2 / 16	2026-06-02
4.0.194	2 / 16	2026-06-01
4.0.193	2 / 16	2026-05-28
4.0.192	2 / 16	2026-05-28
4.0.191	2 / 16	2026-05-22
4.0.190	2 / 16	2026-05-21
4.0.189	2 / 16	2026-05-21
4.0.188	2 / 16	2026-05-21
4.0.187	2 / 16	2026-05-20
4.0.185	2 / 16	2026-05-18
4.0.184	2 / 16	2026-05-16
4.0.183	2 / 16	2026-05-15
4.0.182	2 / 16	2026-05-13
4.0.180	2 / 16	2026-05-12
4.0.178	2 / 16	2026-05-12
4.0.177	2 / 16	2026-05-08
4.0.176	2 / 16	2026-05-07
4.0.175	2 / 16	2026-05-04
4.0.174	2 / 16	2026-05-01
4.0.173	2 / 16	2026-05-01
4.0.172	2 / 16	2026-04-30
4.0.171	2 / 16	2026-04-30
4.0.170	2 / 16	2026-04-29
4.0.169	2 / 16	2026-04-29
4.0.168	2 / 16	2026-04-16
4.0.167	2 / 16	2026-04-16
4.0.166	2 / 16	2026-04-16
4.0.165	2 / 16	2026-04-16
4.0.164	2 / 16	2026-04-16
4.0.163	2 / 16	2026-04-16
4.0.162	2 / 16	2026-04-15
4.0.161	2 / 16	2026-04-15
4.0.160	2 / 16	2026-04-14
4.0.159	2 / 16	2026-04-13
4.0.158	2 / 16	2026-04-10
4.0.157	2 / 16	2026-04-10
4.0.156	2 / 16	2026-04-09
4.0.155	2 / 16	2026-04-09
4.0.154	2 / 16	2026-04-08
4.0.153	2 / 16	2026-04-08
4.0.152	2 / 16	2026-04-07
4.0.151	2 / 16	2026-04-07
4.0.150	2 / 16	2026-04-07
4.0.149	2 / 16	2026-04-06
4.0.148	2 / 16	2026-04-06
4.0.147	2 / 16	2026-04-06
4.0.146	2 / 16	2026-04-04
4.0.145	2 / 16	2026-04-03
4.0.144	2 / 16	2026-04-02
4.0.143	2 / 16	2026-04-02
4.0.142	2 / 16	2026-03-31
4.0.141	2 / 16	2026-03-27
4.0.140	2 / 16	2026-03-26
4.0.139	2 / 16	2026-03-26
4.0.138	2 / 16	2026-03-24
4.0.137	2 / 16	2026-03-23
4.0.136	2 / 16	2026-03-23
4.0.135	2 / 16	2026-03-23
4.0.134	2 / 16	2026-03-20
4.0.133	2 / 21	2026-03-20
4.0.132	2 / 21	2026-03-19
4.0.131	2 / 21	2026-03-19
4.0.130	2 / 21	2026-03-18
4.0.129	2 / 21	2026-03-17
4.0.128	2 / 21	2026-03-16
4.0.127	2 / 21	2026-03-12
4.0.126	2 / 21	2026-03-11
4.0.125	2 / 21	2026-03-10
4.0.124	2 / 21	2026-03-09
4.0.123	2 / 21	2026-03-09
4.0.122	2 / 21	2026-03-09
4.0.121	2 / 21	2026-03-07
4.0.120	2 / 21	2026-03-06
4.0.119	2 / 21	2026-03-06
4.0.118	2 / 21	2026-03-05
4.0.117	2 / 21	2026-03-05
4.0.116	2 / 21	2026-03-05
4.0.115	2 / 21	2026-03-05
4.0.114	2 / 21	2026-03-04
4.0.113	2 / 21	2026-03-04
4.0.112	2 / 21	2026-03-04
4.0.111	2 / 21	2026-03-03
4.0.110	2 / 21	2026-03-03
4.0.109	2 / 21	2026-03-03
4.0.108	2 / 21	2026-03-03
4.0.107	2 / 21	2026-03-02
4.0.106	2 / 21	2026-03-02
4.0.105	2 / 21	2026-02-28
4.0.104	2 / 21	2026-02-27
4.0.103	2 / 21	2026-02-26
4.0.102	2 / 21	2026-02-26
4.0.101	2 / 21	2026-02-26
4.0.100	2 / 21	2026-02-25
4.0.99	2 / 21	2026-02-24
4.0.98	2 / 21	2026-02-24
4.0.97	2 / 21	2026-02-20
4.0.96	2 / 21	2026-02-20

Showing 100 of 303 Next page →

v4.0.198

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.197

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.196

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.195

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.194

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.193

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.192

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.191

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.190

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.189

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.188

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.187

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.185

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.184

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.183

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.182

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.180

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.178

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.177

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.176

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.175

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.174

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.173

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.172

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.171

2 findings

HIGH Publisher changed: vercel-release-bot → GitHub Actions (on 2026-04-30) provenance

This version was published by a different npm account than previous versions on 2026-04-30. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.170

2 findings

HIGH Publisher changed: vercel-release-bot → GitHub Actions (on 2026-04-29) provenance

This version was published by a different npm account than previous versions on 2026-04-29. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.169

2 findings

HIGH Publisher changed: vercel-release-bot → GitHub Actions (on 2026-04-29) provenance

This version was published by a different npm account than previous versions on 2026-04-29. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.