@atlaskit/afm-i18n-platform-ai-mate-rovo-agent-components
NPM i18n package for AFM platform-ai-mate-rovo-agent-components published by Traduki
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:child-process-import | AI (semgrep): child_process usage is in build.js, a build-time script run during prepublishOnly — not an install hook or runtime dep. Standard pattern for Atlassian i18n build tooling. | ai | |
| provenance | no-provenance | AI (provenance): Established Atlassian package with 102 versions and strong publisher track record; lack of Sigstore provenance is not a meaningful risk signal here. | ai |
Versions (showing 51 of 146)
| Version | Deps | Published |
|---|---|---|
| 2.147.0 | 0 / 1 | |
| 2.146.0 | 0 / 1 | |
| 2.145.0 | 0 / 1 | |
| 2.144.0 | 0 / 1 | |
| 2.143.0 | 0 / 1 | |
| 2.142.0 | 0 / 1 | |
| 2.141.0 | 0 / 1 | |
| 2.140.0 | 0 / 1 | |
| 2.139.0 | 0 / 1 | |
| 2.138.0 | 0 / 1 | |
| 2.137.0 | 0 / 1 | |
| 2.136.0 | 0 / 1 | |
| 2.135.0 | 0 / 1 | |
| 2.134.0 | 0 / 1 | |
| 2.133.0 | 0 / 1 | |
| 2.132.0 | 0 / 1 | |
| 2.131.0 | 0 / 1 | |
| 2.130.0 | 0 / 1 | |
| 2.129.0 | 0 / 1 | |
| 2.128.0 | 0 / 1 | |
| 2.127.0 | 0 / 1 | |
| 2.126.0 | 0 / 1 | |
| 2.125.0 | 0 / 1 | |
| 2.124.0 | 0 / 1 | |
| 2.123.0 | 0 / 1 | |
| 2.122.0 | 0 / 1 | |
| 2.121.0 | 0 / 1 | |
| 2.120.0 | 0 / 1 | |
| 2.119.0 | 0 / 1 | |
| 2.118.0 | 0 / 1 | |
| 2.117.0 | 0 / 1 | |
| 2.116.0 | 0 / 1 | |
| 2.115.0 | 0 / 1 | |
| 2.114.0 | 0 / 1 | |
| 2.113.0 | 0 / 1 | |
| 2.112.0 | 0 / 1 | |
| 2.111.0 | 0 / 1 | |
| 2.110.0 | 0 / 1 | |
| 2.109.0 | 0 / 1 | |
| 2.108.0 | 0 / 1 | |
| 2.107.0 | 0 / 1 | |
| 2.106.0 | 0 / 1 | |
| 2.105.0 | 0 / 1 | |
| 2.104.0 | 0 / 1 | |
| 2.103.0 | 0 / 1 | |
| 2.102.0 | 0 / 1 | |
| 2.101.0 | 0 / 1 | |
| 2.100.0 | 0 / 1 | |
| 2.99.0 | 0 / 1 | |
| 2.98.0 | 0 / 1 | |
| 2.97.0 | 0 / 1 |
v2.147.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.146.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.145.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.144.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.143.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.142.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.141.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.140.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.139.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.138.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.137.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.136.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.135.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.134.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.133.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.132.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.131.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.130.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.129.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.128.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.127.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.126.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.125.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.124.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.123.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.122.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.121.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.120.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.119.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.118.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.117.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.116.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.115.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.114.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.113.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.112.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.111.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.110.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.109.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.106.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.105.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.104.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.103.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.102.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.101.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.100.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.99.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.98.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.97.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.