@backstage/plugin-notifications-backend-module-slack

The slack backend module for the notifications plugin.

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

patrikofrebenmarcuseide

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:@slack/bolt	AI (phantom-deps): Slack plugin module; @slack/bolt is a core dependency used indirectly through plugin infrastructure, not directly imported in source.	ai	2026/04/27
phantom-deps	phantom-dep:@slack/types	AI (phantom-deps): Type definitions for Slack integration; referenced in config and type definitions, not direct source imports.	ai	2026/04/27
phantom-deps	phantom-dep:@backstage/config	AI (phantom-deps): Same-org Backstage dependency used indirectly through plugin infrastructure; stable pattern for this package.	ai	2026/04/27
phantom-deps	phantom-dep:@backstage/plugin-notifications-common	AI (phantom-deps): Same-org Backstage dependency used indirectly through plugin infrastructure; stable pattern for this package.	ai	2026/04/27
dependencies	unvetted-dep:@backstage/plugin-notifications-node	AI (dependencies): Official @backstage scoped package; direct parent plugin dependency for this notifications module.	ai	2026/04/25
dependencies	unvetted-dep:@backstage/types	AI (dependencies): Official @backstage scoped package; expected dependency for a Backstage plugin module in the backstage monorepo ecosystem.	ai	2026/04/25
bogus-package	bogus-package	AI (bogus-package): Monorepo-published package; short README and no keywords are expected patterns for Backstage plugin modules where docs live in the main repo.	ai	2026/04/25
dependencies	unvetted-dep:@backstage/plugin-notifications-common	AI (dependencies): Official @backstage scoped package; shared types/interfaces for the notifications plugin family.	ai	2026/04/25
dependencies	unvetted-dep:@backstage/errors	AI (dependencies): Official @backstage scoped package; expected dependency for a Backstage plugin module.	ai	2026/04/25
dependencies	unvetted-dep:@backstage/backend-plugin-api	AI (dependencies): Official @backstage scoped package; core API for Backstage backend plugin modules.	ai	2026/04/25
dependencies	unvetted-dep:@backstage/plugin-catalog-node	AI (dependencies): Official @backstage scoped package; expected dependency for catalog integration in Backstage plugins.	ai	2026/04/25