@blocklet/labels
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:unstated-next | AI (dependencies): Well-known React state management library; stable dependency for this package. | ai | |
| dependencies | unvetted-dep:@iconify/icons-mdi | AI (dependencies): Standard iconify icon set; legitimate UI dependency. | ai | |
| dependencies | unvetted-dep:performant-array-to-tree | AI (dependencies): Known utility library; no malicious indicators. | ai | |
| dependencies | unvetted-dep:@iconify/icons-material-symbols | AI (dependencies): Standard iconify icon set; legitimate UI dependency. | ai | |
| phantom-deps | phantom-dep:react-color | AI (phantom-deps): Declared as runtime dep in package.json; phantom-dep heuristic false positive. | ai | |
| phantom-deps | phantom-dep:@emotion/css | AI (phantom-deps): Declared as runtime dep in package.json; phantom-dep heuristic false positive. | ai | |
| phantom-deps | phantom-dep:@emotion/react | AI (phantom-deps): Declared as runtime dep in package.json; phantom-dep heuristic false positive. | ai | |
| phantom-deps | phantom-dep:@emotion/styled | AI (phantom-deps): Declared as runtime dep in package.json; phantom-dep heuristic false positive. | ai | |
| phantom-deps | phantom-dep:@blocklet/translation-input | AI (phantom-deps): Same org sibling package declared as runtime dep; phantom-dep heuristic false positive. | ai |
Versions (showing 51 of 316)
| Version | Deps | Published |
|---|---|---|
| 2.6.25 | 14 / 23 | |
| 2.6.24 | 14 / 23 | |
| 2.6.23 | 14 / 23 | |
| 2.6.22 | 14 / 23 | |
| 2.6.21 | 14 / 23 | |
| 2.6.20 | 14 / 23 | |
| 2.6.19 | 14 / 23 | |
| 2.6.18 | 14 / 23 | |
| 2.6.17 | 14 / 23 | |
| 2.6.16 | 14 / 23 | |
| 2.6.15 | 14 / 23 | |
| 2.6.14 | 14 / 23 | |
| 2.6.13 | 14 / 23 | |
| 2.6.12 | 14 / 23 | |
| 2.6.11 | 14 / 23 | |
| 2.6.10 | 14 / 23 | |
| 2.6.9 | 14 / 23 | |
| 2.6.8 | 14 / 23 | |
| 2.6.7 | 14 / 23 | |
| 2.6.6 | 14 / 23 | |
| 2.6.5 | 14 / 23 | |
| 2.6.4 | 14 / 23 | |
| 2.6.3 | 14 / 23 | |
| 2.6.2 | 14 / 23 | |
| 2.5.94 | 14 / 23 | |
| 2.5.93 | 14 / 23 | |
| 2.5.92 | 14 / 23 | |
| 2.5.91 | 14 / 23 | |
| 2.5.90 | 14 / 23 | |
| 2.5.89 | 14 / 23 | |
| 2.5.88 | 14 / 23 | |
| 2.5.87 | 14 / 23 | |
| 2.5.86 | 14 / 23 | |
| 2.5.85 | 14 / 23 | |
| 2.5.84 | 14 / 23 | |
| 2.5.83 | 14 / 23 | |
| 2.5.82 | 14 / 23 | |
| 2.5.81 | 14 / 23 | |
| 2.5.80 | 14 / 23 | |
| 2.5.79 | 14 / 23 | |
| 2.5.78 | 14 / 23 | |
| 2.5.77 | 14 / 23 | |
| 2.5.76 | 14 / 23 | |
| 2.5.75 | 14 / 23 | |
| 2.5.74 | 14 / 23 | |
| 2.5.73 | 14 / 23 | |
| 2.5.72 | 14 / 23 | |
| 2.5.71 | 14 / 23 | |
| 2.5.70 | 14 / 23 | |
| 2.5.69 | 14 / 23 | |
| 2.5.68 | 14 / 23 |
v2.6.24
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.6.23
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.6.22
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.6.21
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.6.20
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.6.19
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.6.18
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.6.17
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.6.16
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.6.15
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.6.14
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.6.13
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.6.12
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.6.11
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.6.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.6.9
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.6.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.6.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.6.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.6.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.6.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.6.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.6.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.5.94
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.5.93
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.5.92
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.5.91
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.5.90
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.5.89
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.5.88
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.5.87
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.5.86
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.5.85
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.5.84
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.5.83
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.5.82
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.5.81
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.5.80
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.5.79
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.5.78
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.5.77
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.5.76
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.5.75
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.5.74
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.5.73
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.5.72
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.5.71
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.5.70
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.5.69
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.5.68
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.