@blocklet/editor
Rich editor powered by lexical.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@blocklet/code-editor | AI (phantom-deps): Same-org package; phantom-dep heuristic is a stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@blocklet/pages-kit-inner-components | AI (phantom-deps): Same-org package; phantom-dep heuristic is a stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@lexical/yjs | AI (phantom-deps): Lexical ecosystem dep; may be used indirectly via config/plugins, stable false positive. | ai | |
| phantom-deps | phantom-dep:@lexical/file | AI (phantom-deps): Lexical ecosystem dep; may be used indirectly via config/plugins, stable false positive. | ai | |
| phantom-deps | phantom-dep:@popperjs/core | AI (phantom-deps): Peer/transitive usage pattern; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@lexical/clipboard | AI (phantom-deps): Lexical ecosystem dep; stable false positive for this package. | ai | |
Versions (showing 39 of 39)
| Version | Deps | Published |
|---|---|---|
| 2.6.25 | 50 / 24 | |
| 2.5.29 | 49 / 24 | |
| 2.5.13 | 49 / 24 | |
| 2.4.74 | 47 / 24 | |
| 2.4.73 | 47 / 24 | |
| 2.4.72 | 47 / 24 | |
| 2.4.71 | 47 / 24 | |
| 2.4.70 | 47 / 24 | |
| 2.4.69 | 47 / 24 | |
| 2.4.68 | 47 / 24 | |
| 2.4.67 | 47 / 24 | |
| 2.4.66 | 47 / 24 | |
| 2.4.65 | 47 / 24 | |
| 2.4.64 | 47 / 24 | |
| 2.4.63 | 47 / 24 | |
| 2.4.62 | 47 / 24 | |
| 2.4.61 | 47 / 24 | |
| 2.4.60 | 47 / 24 | |
| 2.4.59 | 47 / 24 | |
| 2.4.58 | 47 / 24 | |
| 2.4.57 | 46 / 24 | |
| 2.4.56 | 46 / 24 | |
| 2.4.55 | 46 / 24 | |
| 2.4.54 | 46 / 24 | |
| 2.4.53 | 46 / 24 | |
| 2.4.52 | 46 / 24 | |
| 2.4.51 | 46 / 24 | |
| 2.4.50 | 46 / 24 | |
| 2.4.49 | 46 / 24 | |
| 2.4.48 | 46 / 24 | |
| 2.4.47 | 46 / 24 | |
| 2.4.46 | 46 / 24 | |
| 2.4.45 | 46 / 24 | |
| 2.4.44 | 46 / 24 | |
| 2.4.43 | 46 / 24 | |
| 2.4.42 | 46 / 24 | |
| 2.3.69 | 46 / 24 | |
| 2.3.68 | 46 / 24 | |
| 2.3.67 | 46 / 24 | |
v2.5.29
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.5.13
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.4.74
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.73
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.72
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.71
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.70
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.69
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.68
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.67
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.66
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.65
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.64
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.63
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.62
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.61
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.60
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.59
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.58
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.57
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.56
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.55
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.54
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.53
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.52
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.51
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.50
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.49
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.48
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.47
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.46
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.45
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.44
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.43
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.42
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.69
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.3.68
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.3.67
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.