@apify/docs-search-modal

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

mtrunkatjancurnpetrpatekmnmkngjaroslavhejlekdrobnikjmetalwarrior665fnesvedab4nanapify-service-account

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	slsa-provenance	AI (provenance): Package publishes via GitHub Actions with SLSA attestation; this is the expected CI/CD pattern for Apify org packages.	ai	2026/05/22
phantom-deps	phantom-dep:styled-components	AI (phantom-deps): styled-components is a declared runtime dependency used via config/theme; phantom-dep heuristic is a stable false positive here.	ai	2026/05/22

Versions (showing 8 of 8)

Version	Deps	Published
1.3.6	8 / 8	2026-01-06
1.3.5	8 / 8	2025-11-12
1.3.3	8 / 8	2025-10-08
1.3.2	8 / 8	2025-10-08
1.3.1	8 / 8	2025-09-19
1.3.0	8 / 8	2025-09-18
1.2.3	8 / 8	2025-08-27
1.2.2	8 / 8	2025-05-28

v1.3.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.5

2 findings

HIGH Publisher changed: apify-service-account → GitHub Actions (on 2025-11-12) provenance

This version was published by a different npm account than previous versions on 2025-11-12. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.