@atlaskit/audit-log-tabs
This package has been emptied as part of RUBY-2957 and no longer exports any modules.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:react-intl-next | AI (dependencies): react-intl-next is a standard npm alias for react-intl@^5.18.1; widely used in Atlassian packages as an i18n dependency. | ai | |
| phantom-deps | phantom-dep:@atlaskit/css | AI (phantom-deps): Same-org Atlaskit dep; likely used indirectly via compiled CSS or build tooling in monorepo context. | ai | |
| phantom-deps | phantom-dep:@atlaskit/tokens | AI (phantom-deps): Same-org Atlaskit dep; design tokens are typically consumed at build time via compiled CSS, not direct imports. | ai |
Versions (showing 8 of 8)
| Version | Deps | Published |
|---|---|---|
| 2.0.0 | 0 / 0 | |
| 1.0.1 | 6 / 9 | |
| 1.0.0 | 6 / 9 | |
| 0.2.3 | 7 / 8 | |
| 0.2.2 | 7 / 8 | |
| 0.2.0 | 7 / 8 | |
| 0.1.1 | 7 / 8 | |
| 0.1.0 | 7 / 8 |
v2.0.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.