@atlaskit/editor-plugin-date
Date plugin for @atlaskit/editor-core
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | no-provenance | AI (provenance): Lack of Sigstore provenance is common industry practice; not a disqualifier for established, trusted publishers. | ai | |
| phantom-deps | phantom-dep:@atlaskit/date | AI (phantom-deps): Same-org Atlaskit dependency declared but not directly imported; consistent with Atlaskit monorepo conventions across versions. | ai | |
| dependencies | unvetted-dep:@atlaskit/date | AI (dependencies): First-party Atlassian dependency within the same @atlaskit org scope; no meaningful supply chain risk for this package. | ai | |
| dependencies | unvetted-dep:react-intl-next | AI (dependencies): react-intl-next is a standard Atlassian npm alias for react-intl@^5.18.1, used consistently across the @atlaskit ecosystem. Not a security concern. | ai | |
| phantom-deps | phantom-dep:@atlaskit/css | AI (phantom-deps): Atlassian uses Compiled CSS toolchain; @atlaskit/css may be consumed at build/style level without direct JS imports. Stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:bind-event-listener | AI (phantom-deps): Referenced in config files per the finding; Atlassian's techstack config explicitly lists 'use-bind-event-listener' for DOM events. Stable false positive. | ai | |
| phantom-deps | phantom-dep:@atlaskit/tokens | AI (phantom-deps): Design tokens are consumed via Compiled CSS in Atlassian packages; not directly imported in JS but legitimately declared as a dependency. | ai |
Versions (showing 70 of 70)
| Version | Deps | Published |
|---|---|---|
| 13.0.1 | 21 / 4 | |
| 13.0.0 | 21 / 4 | |
| 12.2.9 | 21 / 4 | |
| 12.2.8 | 21 / 4 | |
| 12.2.7 | 21 / 4 | |
| 12.2.6 | 21 / 4 | |
| 12.2.5 | 21 / 4 | |
| 12.2.4 | 21 / 4 | |
| 12.2.3 | 21 / 2 | |
| 12.2.2 | 21 / 2 | |
| 12.2.1 | 21 / 2 | |
| 12.2.0 | 21 / 2 | |
| 12.1.15 | 21 / 2 | |
| 12.1.14 | 21 / 2 | |
| 12.1.13 | 21 / 2 | |
| 12.1.12 | 21 / 2 | |
| 12.1.11 | 21 / 2 | |
| 12.1.10 | 21 / 2 | |
| 12.1.9 | 21 / 2 | |
| 12.1.8 | 21 / 2 | |
| 12.1.7 | 21 / 2 | |
| 12.1.6 | 21 / 2 | |
| 12.1.5 | 21 / 2 | |
| 12.1.4 | 21 / 2 | |
| 12.1.3 | 21 / 2 | |
| 12.1.2 | 21 / 2 | |
| 12.1.1 | 21 / 2 | |
| 12.1.0 | 21 / 2 | |
| 12.0.2 | 21 / 2 | |
| 12.0.1 | 21 / 2 | |
| 12.0.0 | 21 / 2 | |
| 11.0.0 | 22 / 1 | |
| 10.0.31 | 22 / 1 | |
| 10.0.30 | 22 / 1 | |
| 10.0.29 | 22 / 1 | |
| 10.0.28 | 22 / 1 | |
| 10.0.27 | 22 / 1 | |
| 10.0.22 | 22 / 1 | |
| 10.0.21 | 22 / 1 | |
| 10.0.20 | 22 / 1 | |
| 10.0.19 | 22 / 1 | |
| 10.0.18 | 22 / 1 | |
| 10.0.16 | 22 / 1 | |
| 10.0.15 | 22 / 1 | |
| 10.0.14 | 22 / 1 | |
| 10.0.13 | 23 / 1 | |
| 10.0.11 | 23 / 1 | |
| 10.0.10 | 23 / 1 | |
| 10.0.9 | 23 / 1 | |
| 10.0.2 | 23 / 1 | |
| 10.0.0 | 23 / 1 | |
| 9.1.27 | 23 / 1 | |
| 9.1.23 | 23 / 1 | |
| 9.1.16 | 23 / 1 | |
| 9.1.10 | 23 / 1 | |
| 9.1.8 | 23 / 1 | |
| 9.1.4 | 23 / 1 | |
| 9.1.3 | 23 / 1 | |
| 9.1.0 | 23 / 1 | |
| 8.1.16 | 23 / 1 | |
| 8.1.13 | 23 / 1 | |
| 8.1.11 | 23 / 1 | |
| 8.1.10 | 23 / 1 | |
| 8.1.9 | 24 / 12 | |
| 8.1.8 | 24 / 12 | |
| 8.1.7 | 24 / 12 | |
| 8.1.6 | 24 / 12 | |
| 8.1.5 | 24 / 12 | |
| 8.1.4 | 24 / 12 | |
| 8.1.3 | 24 / 12 |
v13.0.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.0.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.2.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.2.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.2.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.2.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.2.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.2.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.2.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.2.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.2.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.2.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.1.15
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.1.14
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.1.13
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.1.12
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.1.11
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.1.10
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.1.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.1.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.1.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.1.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.1.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v12.1.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.1.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.1.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.0.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.0.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v12.0.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v11.0.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v10.0.31
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v10.0.30
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v10.0.29
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v10.0.28
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v10.0.27
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v10.0.22
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v10.0.21
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v10.0.20
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v10.0.19
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v10.0.18
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v10.0.16
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v10.0.15
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v10.0.14
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v10.0.13
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v10.0.11
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v10.0.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v10.0.9
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v10.0.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v10.0.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.1.27
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.1.23
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.1.16
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.1.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.1.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.1.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.1.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.1.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.1.16
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.1.13
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.1.11
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.1.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.1.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.1.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.1.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.1.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.1.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.1.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.1.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.