@blockly/field-grid-dropdown

A Blockly dropdown field with grid layout.

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

google-wombotmaribethb

Keywords

blocklyblockly-pluginblockly-fieldgrid-dropdown

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:./dist/index.js	AI (source-diff): dist/index.js is a standard webpack UMD bundle for this Blockly plugin; minified output is expected and consistent across all versions of this package.	ai	2026/04/24
provenance	publisher-changed	AI (provenance): Transition from human publisher to GitHub Actions with SLSA provenance attestation is a legitimate and encouraged CI/CD security improvement for this Blockly ecosystem package.	ai	2026/04/23
license	uncommon-license:Apache 2.0	AI (license): Apache 2.0 is a well-known permissive license; the non-canonical string format triggers the rule but poses no real risk.	ai	2026/04/23

Versions (showing 100 of 103)

Version	Deps	Published
6.0.10	0 / 3	2026-04-09
6.0.9	0 / 3	2026-01-15
6.0.8	0 / 3	2026-01-05
6.0.6	0 / 3	2025-12-19
6.0.5	0 / 3	2025-12-19
6.0.4	0 / 3	2025-10-02
6.0.3	0 / 3	2025-07-17
6.0.2	0 / 3	2025-07-03
6.0.1	0 / 3	2025-05-22
6.0.0	0 / 3	2025-05-16
5.0.16	0 / 3	2025-05-16
5.0.15	0 / 3	2025-05-15
5.0.14	0 / 3	2025-05-14
5.0.12	0 / 3	2024-12-04
5.0.9	0 / 3	2024-08-29
5.0.8	0 / 3	2024-08-22
5.0.7	0 / 3	2024-08-08
5.0.6	0 / 3	2024-08-01
5.0.5	0 / 3	2024-07-25
5.0.4	0 / 3	2024-07-11
5.0.3	0 / 3	2024-07-04
5.0.2	0 / 3	2024-06-06
5.0.1	0 / 3	2024-05-30
5.0.0	0 / 4	2024-05-21
4.0.16	0 / 4	2024-05-16
4.0.15	0 / 4	2024-05-09
4.0.14	0 / 4	2024-04-25
4.0.13	0 / 4	2024-04-04
4.0.12	0 / 4	2024-03-28
4.0.11	0 / 4	2024-02-08
4.0.10	0 / 4	2023-12-14
4.0.9	0 / 4	2023-12-07
4.0.8	0 / 4	2023-11-09
4.0.7	0 / 4	2023-11-02
4.0.6	0 / 4	2023-10-30
4.0.5	0 / 4	2023-09-21
4.0.4	0 / 4	2023-09-14
4.0.3	0 / 4	2023-08-17
4.0.2	0 / 4	2023-07-24
4.0.1	0 / 4	2023-07-20
4.0.0	0 / 4	2023-07-13
3.0.1	0 / 4	2023-07-06
3.0.0	0 / 4	2023-06-28
2.0.18	0 / 4	2023-06-22
2.0.17	0 / 4	2023-05-18
2.0.16	0 / 4	2023-05-11
2.0.15	0 / 4	2023-05-04
2.0.14	0 / 4	2023-04-27
2.0.13	0 / 4	2023-04-13
2.0.12	0 / 3	2023-03-23
2.0.11	0 / 3	2023-03-09
2.0.10	0 / 3	2023-03-02
2.0.9	0 / 3	2023-02-23
2.0.8	0 / 3	2023-02-23
2.0.7	0 / 3	2023-02-16
2.0.6	0 / 3	2023-02-09
2.0.5	0 / 3	2023-01-26
2.0.4	0 / 3	2023-01-05
2.0.3	0 / 3	2022-12-15
2.0.2	0 / 3	2022-10-27
2.0.1	0 / 3	2022-10-13
2.0.0	0 / 3	2022-10-05
1.0.47	0 / 3	2022-08-11
1.0.46	0 / 3	2022-08-04
1.0.45	0 / 3	2022-08-03
1.0.44	0 / 3	2022-07-21
1.0.43	0 / 3	2022-07-06
1.0.42	0 / 3	2022-06-29
1.0.41	0 / 3	2022-06-21
1.0.40	0 / 3	2022-06-08
1.0.39	0 / 3	2022-06-08
1.0.38	0 / 3	2022-04-21
1.0.35	0 / 3	2022-04-04
1.0.34	0 / 3	2022-04-01
1.0.33	0 / 3	2022-04-01
1.0.32	0 / 3	2022-02-24
1.0.31	0 / 3	2022-02-03
1.0.30	0 / 3	2022-01-28
1.0.29	0 / 3	2022-01-28
1.0.28	0 / 3	2022-01-13
1.0.27	0 / 3	2022-01-07
1.0.26	0 / 3	2021-12-15
1.0.25	0 / 3	2021-09-17
1.0.24	0 / 3	2021-09-08
1.0.23	0 / 3	2021-08-12
1.0.22	0 / 3	2021-08-12
1.0.21	0 / 3	2021-07-29
1.0.20	0 / 3	2021-07-23
1.0.19	0 / 3	2021-07-16
1.0.18	0 / 3	2021-07-02
1.0.17	0 / 3	2021-07-02
1.0.16	0 / 3	2021-06-24
1.0.15	0 / 3	2021-06-18
1.0.14	0 / 3	2021-05-28
1.0.13	0 / 3	2021-05-14
1.0.12	0 / 3	2021-04-16
1.0.11	0 / 3	2021-04-02
1.0.10	0 / 3	2021-03-26
1.0.9	0 / 3	2021-03-26
1.0.8	0 / 3	2021-03-25

Showing 100 of 103 Next page →

v6.0.10

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.0.9

2 findings

HIGH Publisher changed: maribethb → GitHub Actions (on 2026-01-15) provenance

This version was published by a different npm account than previous versions on 2026-01-15. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.0.8

2 findings

HIGH Publisher changed: maribethb → GitHub Actions (on 2026-01-05) provenance

This version was published by a different npm account than previous versions on 2026-01-05. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.