@carbon/type
Typography for digital and software products using the Carbon Design System
Supply chain provenance
Status for the latest visible version.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | dormant-publish | AI (publish-pattern): Carbon monorepo publishes via GitHub Actions CI; apparent dormancy reflects publisher account change, not takeover. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): Carbon Design System migrated to GitHub Actions CI publishing; individual maintainer removal is expected org practice. | ai | |
| install-scripts | install-script:postinstall | AI (install-scripts): IBM telemetry collector is standard across all Carbon Design System packages; not malicious. | ai | |
| phantom-deps | phantom-dep:@carbon/grid | AI (phantom-deps): Sibling Carbon org package; phantom-dep is a stable false positive for this monorepo package. | ai | |
| phantom-deps | phantom-dep:@ibm/telemetry-js | AI (phantom-deps): Used via CLI invocation in postinstall, not direct import; stable false positive. | ai | |
Versions (showing 16 of 16)
| Version | Deps | Published |
|---|---|---|
| 11.60.0 | 3 / 5 | |
| 11.59.0 | 3 / 5 | |
| 11.58.0 | 3 / 5 | |
| 11.57.0 | 3 / 5 | |
| 11.55.0 | 3 / 5 | |
| 11.52.0 | 3 / 5 | |
| 11.50.0 | 3 / 5 | |
| 11.48.0 | 3 / 5 | |
| 11.47.0 | 3 / 5 | |
| 11.46.0 | 3 / 5 | |
| 11.45.0 | 3 / 5 | |
| 11.44.0 | 3 / 5 | |
| 11.43.0 | 3 / 5 | |
| 11.42.0 | 3 / 5 | |
| 11.41.0 | 3 / 5 | |
| 11.40.0 | 3 / 5 | |
v11.60.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v11.59.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v11.57.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v11.55.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v11.52.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v11.50.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v11.48.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.
v11.47.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.
v11.46.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.
v11.45.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.
v11.44.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.
v11.43.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.
v11.42.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.
v11.41.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.
v11.40.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.