@bubblelab/ts-scope-manager
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:dynamic-require | AI (semgrep): Resolves path from a pinned peer dep and loads a known sub-module; not arbitrary code loading. | ai |
Versions (showing 100 of 290)
| Version | Deps | Published |
|---|---|---|
| 0.99.999 | 1 / 0 | |
| 0.1.324 | 1 / 0 | |
| 0.1.323 | 1 / 0 | |
| 0.1.322 | 1 / 0 | |
| 0.1.321 | 1 / 0 | |
| 0.1.320 | 1 / 0 | |
| 0.1.319 | 1 / 0 | |
| 0.1.318 | 1 / 0 | |
| 0.1.317 | 1 / 0 | |
| 0.1.316 | 1 / 0 | |
| 0.1.314 | 1 / 0 | |
| 0.1.313 | 1 / 0 | |
| 0.1.312 | 1 / 0 | |
| 0.1.311 | 1 / 0 | |
| 0.1.310 | 1 / 0 | |
| 0.1.309 | 1 / 0 | |
| 0.1.308 | 1 / 0 | |
| 0.1.307 | 1 / 0 | |
| 0.1.306 | 1 / 0 | |
| 0.1.305 | 1 / 0 | |
| 0.1.304 | 1 / 0 | |
| 0.1.303 | 1 / 0 | |
| 0.1.302 | 1 / 0 | |
| 0.1.301 | 1 / 0 | |
| 0.1.300 | 1 / 0 | |
| 0.1.299 | 1 / 0 | |
| 0.1.298 | 1 / 0 | |
| 0.1.297 | 1 / 0 | |
| 0.1.296 | 1 / 0 | |
| 0.1.295 | 1 / 0 | |
| 0.1.294 | 1 / 0 | |
| 0.1.293 | 1 / 0 | |
| 0.1.291 | 1 / 0 | |
| 0.1.289 | 1 / 0 | |
| 0.1.288 | 1 / 0 | |
| 0.1.287 | 1 / 0 | |
| 0.1.286 | 1 / 0 | |
| 0.1.285 | 1 / 0 | |
| 0.1.284 | 1 / 0 | |
| 0.1.283 | 1 / 0 | |
| 0.1.282 | 1 / 0 | |
| 0.1.281 | 1 / 0 | |
| 0.1.280 | 1 / 0 | |
| 0.1.279 | 1 / 0 | |
| 0.1.278 | 1 / 0 | |
| 0.1.277 | 1 / 0 | |
| 0.1.276 | 1 / 0 | |
| 0.1.275 | 1 / 0 | |
| 0.1.273 | 1 / 0 | |
| 0.1.272 | 1 / 0 | |
| 0.1.271 | 1 / 0 | |
| 0.1.270 | 1 / 0 | |
| 0.1.269 | 1 / 0 | |
| 0.1.268 | 1 / 0 | |
| 0.1.267 | 1 / 0 | |
| 0.1.266 | 1 / 0 | |
| 0.1.265 | 1 / 0 | |
| 0.1.262 | 1 / 0 | |
| 0.1.260 | 1 / 0 | |
| 0.1.255 | 1 / 0 | |
| 0.1.254 | 1 / 0 | |
| 0.1.253 | 1 / 0 | |
| 0.1.252 | 1 / 0 | |
| 0.1.251 | 1 / 0 | |
| 0.1.250 | 1 / 0 | |
| 0.1.249 | 1 / 0 | |
| 0.1.248 | 1 / 0 | |
| 0.1.247 | 1 / 0 | |
| 0.1.246 | 1 / 0 | |
| 0.1.245 | 1 / 0 | |
| 0.1.244 | 1 / 0 | |
| 0.1.243 | 1 / 0 | |
| 0.1.242 | 1 / 0 | |
| 0.1.241 | 1 / 0 | |
| 0.1.240 | 1 / 0 | |
| 0.1.239 | 1 / 0 | |
| 0.1.238 | 1 / 0 | |
| 0.1.237 | 1 / 0 | |
| 0.1.236 | 1 / 0 | |
| 0.1.235 | 1 / 0 | |
| 0.1.233 | 1 / 0 | |
| 0.1.232 | 1 / 0 | |
| 0.1.231 | 1 / 0 | |
| 0.1.230 | 1 / 0 | |
| 0.1.229 | 1 / 0 | |
| 0.1.228 | 1 / 0 | |
| 0.1.227 | 1 / 0 | |
| 0.1.226 | 1 / 0 | |
| 0.1.225 | 1 / 0 | |
| 0.1.224 | 1 / 0 | |
| 0.1.223 | 1 / 0 | |
| 0.1.222 | 1 / 0 | |
| 0.1.221 | 1 / 0 | |
| 0.1.220 | 1 / 0 | |
| 0.1.219 | 1 / 0 | |
| 0.1.218 | 1 / 0 | |
| 0.1.217 | 1 / 0 | |
| 0.1.216 | 1 / 0 | |
| 0.1.215 | 1 / 0 | |
| 0.1.214 | 1 / 0 |
v0.1.324
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.322
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.321
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.255
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.254
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.253
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.252
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.251
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.250
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.249
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.248
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.247
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.246
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.245
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.244
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.243
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.242
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.241
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.240
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.239
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.238
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.237
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.236
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.235
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.233
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.232
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.231
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.230
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.229
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.228
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.227
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.226
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.225
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.224
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.223
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.222
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.221
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.220
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.219
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.218
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.217
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.216
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.215
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.214
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.