@clerk/elements — Greenflagged

Clerk Elements

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

colinclerkbradenclerknikosdouvlischanioxarisjescalanbkalowdominic-clerkmwickett

Keywords

clerktypescriptauthauthenticationpasswordlesssessionjwtelementsradix

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Clerk migrated to GitHub Actions publishing with SLSA attestation; publisher change is org-wide CI transition.	ai	2026/06/04
publish-pattern	dormant-publish	AI (publish-pattern): Package is in active Clerk monorepo; dormancy reflects release cadence, not abandonment or takeover.	ai	2026/06/04
phantom-deps	phantom-dep:tslib	AI (phantom-deps): tslib is a known implicit runtime dependency for TypeScript compiled output.	ai	2026/06/04
phantom-deps	phantom-dep:@clerk/clerk-react	AI (phantom-deps): Same-org peer dependency; not directly imported but used transitively within the Clerk ecosystem.	ai	2026/06/04

Versions (showing 77 of 77)

Version	Deps	Published
0.24.18	11 / 3	2026-05-27
0.24.17	11 / 3	2026-05-23
0.24.16	11 / 3	2026-04-22
0.24.15	11 / 3	2026-04-15
0.24.14	11 / 3	2026-03-20
0.24.13	11 / 3	2026-02-27
0.24.12	11 / 3	2026-02-26
0.24.11	11 / 3	2026-02-20
0.24.10	11 / 3	2026-02-18
0.24.9	11 / 3	2026-02-17
0.24.8	11 / 3	2026-02-13
0.24.7	11 / 3	2026-01-28
0.24.6	11 / 3	2026-01-23
0.24.5	11 / 3	2026-01-21
0.24.4	11 / 3	2026-01-16
0.24.3	11 / 3	2026-01-07
0.24.2	11 / 3	2025-12-19
0.24.1	11 / 3	2025-12-18
0.24.0	11 / 3	2025-12-15
0.23.89	11 / 3	2025-12-08
0.23.88	11 / 3	2025-12-05
0.23.87	11 / 3	2025-12-02
0.23.86	11 / 3	2025-11-24
0.23.85	11 / 3	2025-11-21
0.23.84	11 / 3	2025-11-20
0.23.83	11 / 3	2025-11-17
0.23.82	11 / 3	2025-11-12
0.23.81	11 / 3	2025-11-11
0.23.80	11 / 3	2025-11-10
0.23.79	11 / 3	2025-11-06
0.23.78	11 / 3	2025-11-06
0.23.77	11 / 3	2025-11-05
0.23.76	11 / 3	2025-11-04
0.23.75	11 / 3	2025-10-29
0.23.74	11 / 3	2025-10-22
0.23.73	11 / 3	2025-10-17
0.23.72	11 / 3	2025-10-16
0.23.71	11 / 3	2025-10-15
0.23.70	11 / 3	2025-10-14
0.23.69	11 / 3	2025-10-06
0.23.68	11 / 3	2025-10-03
0.23.67	11 / 3	2025-09-30
0.23.66	11 / 3	2025-09-27
0.23.65	11 / 3	2025-09-22
0.23.64	11 / 3	2025-09-16
0.23.63	11 / 3	2025-09-12
0.23.62	11 / 3	2025-09-09
0.23.61	10 / 4	2025-09-04
0.23.60	10 / 4	2025-09-02
0.23.59	10 / 4	2025-08-27
0.23.58	10 / 4	2025-08-26
0.23.57	10 / 4	2025-08-21
0.23.56	10 / 4	2025-08-19
0.23.55	10 / 4	2025-08-18
0.23.54	10 / 4	2025-08-14
0.23.53	10 / 4	2025-08-14
0.23.52	10 / 4	2025-08-13
0.23.51	10 / 4	2025-08-12
0.23.50	10 / 4	2025-08-08
0.23.49	10 / 4	2025-08-06
0.23.48	10 / 4	2025-07-31
0.23.47	10 / 4	2025-07-29
0.23.46	10 / 4	2025-07-25
0.23.45	10 / 4	2025-07-24
0.23.44	10 / 4	2025-07-23
0.23.43	10 / 4	2025-07-17
0.23.42	10 / 4	2025-07-16
0.23.41	10 / 4	2025-07-16
0.23.40	10 / 4	2025-07-15
0.23.39	10 / 4	2025-07-14
0.23.38	10 / 4	2025-07-08
0.23.37	10 / 4	2025-07-03
0.23.36	10 / 4	2025-06-30
0.23.35	10 / 4	2025-06-26
0.23.34	10 / 4	2025-06-23
0.23.33	10 / 4	2025-06-13
0.23.32	10 / 4	2025-06-04

v0.24.18

2 findings

HIGH Publisher changed: dominic-clerk → GitHub Actions (on 2026-05-27) provenance

This version was published by a different npm account than previous versions on 2026-05-27. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance