@blockly/field-grid-dropdown

A Blockly dropdown field with grid layout.

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

google-wombotmaribethb

Keywords

blocklyblockly-pluginblockly-fieldgrid-dropdown

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:./dist/index.js	AI (source-diff): dist/index.js is a standard webpack UMD bundle for this Blockly plugin; minified output is expected and consistent across all versions of this package.	ai	2026/04/24
provenance	publisher-changed	AI (provenance): Transition from human publisher to GitHub Actions with SLSA provenance attestation is a legitimate and encouraged CI/CD security improvement for this Blockly ecosystem package.	ai	2026/04/23
license	uncommon-license:Apache 2.0	AI (license): Apache 2.0 is a well-known permissive license; the non-canonical string format triggers the rule but poses no real risk.	ai	2026/04/23

Versions (showing 51 of 103)

View all versions

Version	Deps	Published
6.0.10	0 / 3	2026-04-09
6.0.9	0 / 3	2026-01-15
6.0.8	0 / 3	2026-01-05
6.0.6	0 / 3	2025-12-19
6.0.5	0 / 3	2025-12-19
6.0.4	0 / 3	2025-10-02
6.0.3	0 / 3	2025-07-17
6.0.2	0 / 3	2025-07-03
6.0.1	0 / 3	2025-05-22
6.0.0	0 / 3	2025-05-16
5.0.16	0 / 3	2025-05-16
5.0.15	0 / 3	2025-05-15
5.0.14	0 / 3	2025-05-14
5.0.12	0 / 3	2024-12-04
5.0.9	0 / 3	2024-08-29
5.0.8	0 / 3	2024-08-22
5.0.7	0 / 3	2024-08-08
5.0.6	0 / 3	2024-08-01
5.0.5	0 / 3	2024-07-25
5.0.4	0 / 3	2024-07-11
5.0.3	0 / 3	2024-07-04
5.0.2	0 / 3	2024-06-06
5.0.1	0 / 3	2024-05-30
5.0.0	0 / 4	2024-05-21
4.0.16	0 / 4	2024-05-16
4.0.15	0 / 4	2024-05-09
4.0.14	0 / 4	2024-04-25
4.0.13	0 / 4	2024-04-04
4.0.12	0 / 4	2024-03-28
4.0.11	0 / 4	2024-02-08
4.0.10	0 / 4	2023-12-14
4.0.9	0 / 4	2023-12-07
4.0.8	0 / 4	2023-11-09
4.0.7	0 / 4	2023-11-02
4.0.6	0 / 4	2023-10-30
4.0.5	0 / 4	2023-09-21
4.0.4	0 / 4	2023-09-14
4.0.3	0 / 4	2023-08-17
4.0.2	0 / 4	2023-07-24
4.0.1	0 / 4	2023-07-20
4.0.0	0 / 4	2023-07-13
3.0.1	0 / 4	2023-07-06
3.0.0	0 / 4	2023-06-28
2.0.18	0 / 4	2023-06-22
2.0.17	0 / 4	2023-05-18
2.0.16	0 / 4	2023-05-11
2.0.15	0 / 4	2023-05-04
2.0.14	0 / 4	2023-04-27
2.0.13	0 / 4	2023-04-13
2.0.12	0 / 3	2023-03-23
2.0.11	0 / 3	2023-03-09

v6.0.10

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.0.9

2 findings

HIGH Publisher changed: maribethb → GitHub Actions (on 2026-01-15) provenance

This version was published by a different npm account than previous versions on 2026-01-15. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.0.8

2 findings

HIGH Publisher changed: maribethb → GitHub Actions (on 2026-01-05) provenance

This version was published by a different npm account than previous versions on 2026-01-05. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.