@blocknote/core
Supply chain provenance
Status for the latest visible version.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/extensions-IJK3t0sz.cjs | AI (source-diff): Standard minified CJS build output from Vite; source maps included. | ai | |
| source-diff | obfuscated-file:dist/src-Bcud0PIg.js | AI (source-diff): Standard minified ESM build output from Vite; source maps included. | ai | |
| source-diff | obfuscated-file:dist/src-B6rlChSc.cjs | AI (source-diff): Standard minified CJS build output from Vite; source maps included. | ai | |
| source-diff | obfuscated-file:dist/blocks-Bm6IfL1R.cjs | AI (source-diff): Standard minified CJS build output from Vite; source maps included. | ai | |
| source-diff | obfuscated-file:dist/src-D5R5YzV7.cjs | AI (source-diff): Standard Vite-minified CJS bundle output for this build-tool-based package. | ai | |
| source-diff | obfuscated-file:dist/src-Dvmif2FY.js | AI (source-diff): Standard Vite-minified ESM bundle output for this build-tool-based package. | ai | |
| source-diff | obfuscated-file:dist/extensions-Cutrafjg.cjs | AI (source-diff): Standard Vite-minified CJS bundle output for this build-tool-based package. | ai | |
| source-diff | obfuscated-file:dist/blocks-KyMOxPT3.cjs | AI (source-diff): Standard minified CJS build output from Vite; no obfuscation. | ai | |
| source-diff | obfuscated-file:dist/extensions-Cuw3zOdC.cjs | AI (source-diff): Standard minified CJS build output from Vite; no obfuscation. | ai | |
| source-diff | obfuscated-file:dist/src-_83jmA7A.cjs | AI (source-diff): Standard minified CJS build output from Vite; no obfuscation. | ai | |
| source-diff | obfuscated-file:dist/src-DK_8q1j5.js | AI (source-diff): Standard minified ESM build output from Vite; no obfuscation. | ai | |
| source-diff | obfuscated-file:dist/blocks-BFnTypT-.cjs | AI (source-diff): Standard minified build output for this editor package; content is readable ProseMirror logic with source maps. | ai | |
| source-diff | obfuscated-file:dist/src-SVFpMAWE.js | AI (source-diff): Standard minified ESM build artifact; content is editor core logic. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): Package has 145 versions and 10 approved inbound edges; dormancy signal is likely a registry data anomaly. | ai | |
| source-diff | obfuscated-file:dist/src-DsJ6yzs9.cjs | AI (source-diff): Standard minified build artifact; content is editor core logic. | ai | |
| source-diff | obfuscated-file:dist/extensions-CYsFi5Is.cjs | AI (source-diff): Standard minified build artifact; content is editor extension logic. | ai | |
| source-diff | obfuscated-file:dist/en-Cj5r8sW_.cjs | AI (source-diff): Minified i18n locale data; content is plainly readable UI strings. | ai | |
| typosquat | typosquat.levenshtein:cors | AI (typosquat): Scoped package @blocknote/core is a well-known editor, not a typosquat of cors; Levenshtein match is spurious. | ai | |
| phantom-deps | phantom-dep:@tiptap/extension-paragraph | AI (phantom-deps): Tiptap extension deps are re-exported or used indirectly; phantom-dep heuristic is a false positive for this package. | ai | |
| phantom-deps | phantom-dep:rehype-format | AI (phantom-deps): rehype-format is a declared runtime dep used in build/config context; phantom-dep heuristic is a false positive here. | ai | |
| phantom-deps | phantom-dep:@tiptap/extension-horizontal-rule | AI (phantom-deps): Same as above — tiptap extension re-export pattern; stable false positive. | ai | |
Versions (showing 9 of 9)
| Version | Deps | Published |
|---|---|---|
| 0.51.4 | 27 / 8 | |
| 0.51.3 | 27 / 8 | |
| 0.51.2 | 27 / 8 | |
| 0.51.1 | 27 / 8 | |
| 0.51.0 | 27 / 8 | |
| 0.50.0 | 38 / 9 | |
| 0.49.0 | 38 / 9 | |
| 0.48.1 | 39 / 11 | |
| 0.48.0 | 39 / 11 | |
v0.51.4
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.51.3
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.51.2
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.51.1
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.51.0
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.50.0
6 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.48.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.48.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.