@atlaskit/jql-editor

25 Versions
License
No Install Scripts
Missing Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance; npm registry signatures; No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

atlassianartifactteam

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
source-diff | large-new-source-files | AI (source-diff): Atlassian monorepo package; large file additions reflect routine refactoring/bundling of @atlaskit deps, not injected code. | ai |
dependencies | unvetted-dep:@atlaskit/legacy-custom-icons | AI (dependencies): Same Atlassian org scope (@atlaskit); routine internal dependency within the Atlassian component ecosystem, not a supply chain risk. | ai |
phantom-deps | phantom-dep:util | AI (phantom-deps): Explicitly excluded from unused-dep checks in package.json stricter config; used as a Node.js polyfill in build configuration. | ai |
phantom-deps | phantom-dep:assert | AI (phantom-deps): Explicitly excluded from unused-dep checks in package.json stricter config; used as a Node.js polyfill in build configuration. | ai |
phantom-deps | phantom-dep:@atlaskit/tokens | AI (phantom-deps): Same-org Atlaskit package used for design tokens; referenced in config files as expected for Atlaskit components. | ai |
dependencies | unvetted-dep:antlr4ts | AI (dependencies): antlr4ts is the standard TypeScript ANTLR4 runtime, appropriate for a JQL parser/editor package. Stable dependency across versions. | ai |
phantom-deps | phantom-dep:@atlaskit/townsquare-emoji-provider | AI (phantom-deps): Same-org Atlaskit package; referenced in config files as expected for Atlaskit ecosystem components. | ai |
bogus-package | bogus-package | AI (bogus-package): Established Atlaskit package with 147 versions and 17.9k weekly downloads; short README and no keywords are cosmetic, not security signals. | ai |
phantom-deps | phantom-dep:@react-loosely-lazy/manifest | AI (phantom-deps): Build/config-time manifest dependency for react-loosely-lazy; not directly imported in source but legitimately declared. | ai |
dependencies | unvetted-dep:react-intl-next | AI (dependencies): react-intl-next is an Atlassian alias pattern for react-intl, a well-known i18n library. Common across Atlaskit packages. | ai |

Versions (showing 25 of 25)

Version Deps Published
6.4.4 40 / 14
6.4.3 40 / 12
6.4.2 40 / 12
6.4.1 40 / 12
6.4.0 40 / 12
6.3.1 40 / 12
6.3.0 40 / 12
6.2.3 40 / 12
6.2.2 40 / 12
6.2.1 40 / 12
6.2.0 40 / 12
6.1.2 40 / 12
6.1.0 40 / 11
5.14.5 41 / 10
5.14.4 41 / 10
5.14.1 40 / 10
5.14.0 40 / 10
5.13.5 40 / 10
5.13.4 40 / 10
5.13.2 40 / 10
5.11.0 36 / 11
5.9.0 37 / 12
5.8.4 37 / 11
5.8.2 37 / 11
5.7.1 36 / 10

v6.4.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.4.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.4.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.4.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.4.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.3.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.3.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.2.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.2.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.2.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v6.2.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v6.1.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v6.1.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.14.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.14.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.14.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.14.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.13.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.13.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.13.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.11.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.9.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.8.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.8.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.7.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.