@atlaskit/renderer
Renderer component
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | dormant-publish | AI (publish-pattern): Atlassian migrated to atlassianartifactteam publisher ~426 days ago; apparent dormancy reflects account transition, not inactivity. Package has 1590 versions and is actively maintained. | ai | |
| dependencies | unvetted-peer-dep:@atlaskit/media-core | AI (dependencies): Peer dependency within Atlassian ecosystem; stable for this package's context. | ai | |
| phantom-deps | phantom-dep:@atlaskit/editor-tables | AI (phantom-deps): Same-org phantom dependency typical of Atlassian monorepo structure; no security concern. | ai | |
| phantom-deps | phantom-dep:@atlaskit/pragmatic-drag-and-drop | AI (phantom-deps): Same-org @atlaskit scope phantom dep; consistent with monorepo dependency management patterns for this package. | ai | |
| dependencies | unvetted-dep:react-intl-next | AI (dependencies): react-intl-next is an npm alias for react-intl@^5.18.1, a well-known i18n library. This aliasing pattern is standard in Atlassian packages and poses no security risk. | ai | |
| phantom-deps | phantom-dep:@atlaskit/afm-i18n-platform-editor-renderer | AI (phantom-deps): Same-org @atlaskit scope phantom dep; consistent with monorepo dependency management patterns for this package. | ai | |
| phantom-deps | phantom-dep:@atlaskit/theme | AI (phantom-deps): Same-org @atlaskit scope phantom dep in a large monorepo; declared for peer/tooling resolution without direct import is expected and stable for this package. | ai | |
| phantom-deps | phantom-dep:@atlaskit/feature-gate-js-client | AI (phantom-deps): Same-org @atlaskit scope phantom dep; consistent with monorepo dependency management patterns for this package. | ai | |
| provenance | no-provenance | AI (provenance): Atlassian publishes this package without Sigstore provenance; consistent across all versions. Publisher identity is well-established via track record. | ai |
Versions (showing 100 of 111)
| Version | Deps | Published |
|---|---|---|
| 132.0.1 | 48 / 41 | |
| 132.0.0 | 48 / 41 | |
| 131.2.4 | 48 / 41 | |
| 131.2.3 | 48 / 41 | |
| 131.2.2 | 48 / 41 | |
| 131.2.1 | 48 / 41 | |
| 131.2.0 | 48 / 41 | |
| 131.1.9 | 48 / 41 | |
| 131.1.8 | 48 / 41 | |
| 131.1.7 | 48 / 41 | |
| 131.1.6 | 48 / 41 | |
| 131.1.5 | 48 / 41 | |
| 131.1.4 | 48 / 38 | |
| 131.1.3 | 48 / 38 | |
| 131.1.2 | 48 / 38 | |
| 131.1.1 | 48 / 38 | |
| 131.1.0 | 48 / 38 | |
| 131.0.0 | 48 / 38 | |
| 130.6.4 | 48 / 38 | |
| 130.6.3 | 48 / 38 | |
| 130.6.2 | 48 / 38 | |
| 130.6.1 | 48 / 38 | |
| 130.6.0 | 48 / 38 | |
| 130.5.1 | 48 / 38 | |
| 130.5.0 | 48 / 38 | |
| 130.4.2 | 48 / 38 | |
| 130.4.1 | 48 / 38 | |
| 130.4.0 | 48 / 38 | |
| 130.3.8 | 48 / 38 | |
| 130.3.7 | 48 / 38 | |
| 130.3.6 | 48 / 38 | |
| 130.3.5 | 48 / 38 | |
| 130.3.4 | 48 / 38 | |
| 130.3.3 | 48 / 38 | |
| 130.3.2 | 48 / 38 | |
| 130.3.1 | 48 / 38 | |
| 130.3.0 | 48 / 38 | |
| 130.2.18 | 48 / 38 | |
| 130.2.17 | 47 / 38 | |
| 130.2.16 | 47 / 37 | |
| 130.2.15 | 47 / 37 | |
| 130.2.14 | 47 / 37 | |
| 130.2.12 | 47 / 37 | |
| 130.2.11 | 47 / 37 | |
| 130.2.10 | 47 / 37 | |
| 130.2.9 | 47 / 37 | |
| 130.2.8 | 47 / 37 | |
| 130.2.7 | 47 / 37 | |
| 130.2.6 | 47 / 37 | |
| 130.2.5 | 47 / 36 | |
| 130.2.4 | 47 / 36 | |
| 130.2.3 | 47 / 36 | |
| 130.2.2 | 47 / 36 | |
| 130.2.1 | 47 / 35 | |
| 130.2.0 | 47 / 35 | |
| 130.1.0 | 47 / 35 | |
| 130.0.1 | 47 / 35 | |
| 130.0.0 | 47 / 35 | |
| 129.0.0 | 48 / 34 | |
| 128.11.1 | 48 / 34 | |
| 128.11.0 | 48 / 34 | |
| 128.10.6 | 48 / 34 | |
| 128.10.4 | 48 / 34 | |
| 128.10.2 | 48 / 34 | |
| 128.9.7 | 48 / 34 | |
| 128.9.4 | 48 / 34 | |
| 128.9.2 | 48 / 34 | |
| 128.9.1 | 48 / 34 | |
| 128.8.0 | 48 / 34 | |
| 128.7.2 | 48 / 34 | |
| 128.7.1 | 48 / 34 | |
| 128.6.4 | 48 / 34 | |
| 128.6.3 | 48 / 34 | |
| 128.6.1 | 48 / 34 | |
| 128.6.0 | 48 / 34 | |
| 128.5.0 | 48 / 34 | |
| 128.3.9 | 48 / 34 | |
| 128.3.5 | 48 / 33 | |
| 128.3.3 | 48 / 33 | |
| 128.3.1 | 48 / 33 | |
| 127.3.0 | 46 / 33 | |
| 127.1.0 | 46 / 33 | |
| 126.16.0 | 46 / 33 | |
| 126.14.3 | 46 / 33 | |
| 126.13.4 | 46 / 33 | |
| 126.13.0 | 46 / 33 | |
| 126.9.5 | 46 / 33 | |
| 126.9.3 | 46 / 33 | |
| 126.9.1 | 46 / 33 | |
| 126.8.11 | 46 / 33 | |
| 126.8.10 | 46 / 33 | |
| 126.7.0 | 46 / 33 | |
| 124.17.8 | 46 / 31 | |
| 124.17.3 | 46 / 32 | |
| 124.16.5 | 47 / 33 | |
| 124.16.3 | 47 / 33 | |
| 124.16.1 | 47 / 33 | |
| 124.14.1 | 47 / 33 | |
| 124.13.3 | 47 / 33 | |
| 124.13.2 | 47 / 33 |
v132.0.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v132.0.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v131.2.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v131.2.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v131.2.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v131.2.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v131.2.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v131.1.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v131.1.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v131.1.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v131.1.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v131.1.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v131.1.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v131.1.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v131.1.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v131.1.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v131.1.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v131.0.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v130.6.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v130.6.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v130.6.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v130.6.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v130.6.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v130.5.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v130.5.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v130.4.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v130.4.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v130.4.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v130.3.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v130.3.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v130.3.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v130.3.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v130.3.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v130.3.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v130.3.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v130.3.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v130.3.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v130.2.18
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v130.2.17
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v130.2.16
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v130.2.14
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v130.2.12
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v130.2.11
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v130.2.10
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v130.2.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v130.2.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v130.2.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v130.2.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v130.2.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v130.2.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v130.2.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v130.2.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v130.2.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v130.2.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v130.1.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v130.0.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v130.0.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v129.0.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v128.11.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v128.11.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v128.10.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v128.10.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v128.10.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v128.9.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v128.9.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v128.9.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v128.9.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v128.8.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v128.7.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v128.7.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v128.6.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v128.6.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v128.6.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v128.6.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v128.5.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v128.3.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v128.3.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v128.3.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v128.3.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v127.3.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v127.1.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v126.16.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v126.14.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v126.13.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v126.13.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v126.9.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v126.9.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v126.9.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v126.8.11
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v126.8.10
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v126.7.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v124.17.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v124.17.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v124.16.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v124.16.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v124.16.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v124.14.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v124.13.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v124.13.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.