← Home

@clerk/shared

41
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

colinclerkbradenclerknikosdouvlisjescalanbrkalow-clerkdominic-clerk

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff large-new-source-files AI (source-diff): New files are typedoc/sourcemap artifacts from build tool change, not injected code. ai
source-diff obfuscated-file:dist/runtime/_chunks/index-JGjZaAzP.d.ts AI (source-diff): Bundled .d.ts type declarations with long union lines; not obfuscation. ai
source-diff obfuscated-file:dist/runtime/_chunks/index-bgWBrAaq.d.mts AI (source-diff): Bundled .d.mts type declarations with long union lines; not obfuscation. ai
source-diff obfuscated-file:dist/runtime/_chunks/index-B5XpCs9l.d.ts AI (source-diff): Bundled .d.ts type declarations with long lines; not obfuscation. ai
source-diff obfuscated-file:dist/runtime/_chunks/index-U8nAlSHe.d.mts AI (source-diff): Bundled .d.mts type declarations with long lines; not obfuscation. ai
source-diff obfuscated-file:dist/runtime/index-DiuVvpQQ.d.ts AI (source-diff): Bundled .d.ts type declarations with long lines; not obfuscation. ai
source-diff obfuscated-file:dist/runtime/index-C2QWAMOD.d.mts AI (source-diff): Bundled .d.mts type declarations with long lines; not obfuscation. ai
source-diff obfuscated-file:dist/runtime/index-DjABnz7s.d.mts AI (source-diff): Bundled .d.mts type declarations with long lines; not obfuscated code. ai
source-diff obfuscated-file:dist/runtime/index-QfOfN90h.d.ts AI (source-diff): Bundled .d.ts type declarations with long lines; not obfuscated code. ai
source-diff obfuscated-file:dist/runtime/index-DAac51Y8.d.ts AI (source-diff): Bundled .d.ts type declarations with long type-union lines; not obfuscated code. ai
source-diff obfuscated-file:dist/runtime/index-Ch3QvM-g.d.mts AI (source-diff): Bundled .d.mts type declarations with long type-union lines; not obfuscated code. ai
source-diff obfuscated-file:dist/runtime/index-BRHEKtxw.d.mts AI (source-diff): Bundled .d.mts type declarations with long union lines; not obfuscation. ai
source-diff obfuscated-file:dist/runtime/index-D4413SlB.d.ts AI (source-diff): Bundled .d.ts type declarations with long union lines; not obfuscation. ai
source-diff obfuscated-file:dist/runtime/index-BgHD4yD8.d.ts AI (source-diff): Bundled .d.ts type declarations with long lines; not obfuscation. ai
source-diff obfuscated-file:dist/runtime/index-KhRX9y_z.d.mts AI (source-diff): Bundled .d.mts type declarations with long lines; not obfuscation. ai
source-diff obfuscated-file:dist/runtime/index-T5KU6jIr.d.ts AI (source-diff): Bundled .d.ts type declarations with long lines; not obfuscation. ai
source-diff obfuscated-file:dist/runtime/index-AsIy_WTK.d.mts AI (source-diff): Bundled .d.mts type declarations with long lines; not obfuscation. ai
source-diff obfuscated-file:dist/runtime/index-EYzZSxSE.d.ts AI (source-diff): TypeScript declaration bundle with long type lines; not obfuscation. ai
source-diff obfuscated-file:dist/runtime/index-6_Jyf0c_.d.mts AI (source-diff): TypeScript declaration bundle with long type lines; not obfuscation. ai
source-diff obfuscated-file:dist/runtime/index-zA2KhmuI.d.mts AI (source-diff): Bundled .d.mts type declarations with long lines; not obfuscation. ai
source-diff obfuscated-file:dist/runtime/index-BqLLE-vc.d.ts AI (source-diff): Bundled .d.ts type declarations with long lines; not obfuscation. ai
publish-pattern new-deps-added AI (publish-pattern): swr and csstype are well-known, reputable packages; addition is consistent with legitimate feature expansion in this established library. ai
source-diff obfuscated-file:dist/runtime/index-BTdJ4Y4V.d.ts AI (source-diff): Bundled .d.ts type declarations with long lines; not obfuscation. ai
source-diff obfuscated-file:dist/runtime/index-F0BR-V87.d.mts AI (source-diff): Bundled .d.mts type declarations with long lines; not obfuscation. ai
source-diff obfuscated-file:dist/runtime/index-T2ZJDsnA.d.ts AI (source-diff): Bundled .d.ts type declarations with long lines; not obfuscation. ai
source-diff obfuscated-file:dist/runtime/index-DREJXxKR.d.mts AI (source-diff): Bundled .d.mts type declarations with long lines; not obfuscation. ai
dependencies unvetted-dep:@clerk/types AI (dependencies): @clerk/types is a first-party Clerk package in the same ecosystem; its use as a dependency of @clerk/shared is expected and stable across all versions. ai
install-scripts install-script:postinstall AI (install-scripts): Clerk's postinstall.mjs is a local script for telemetry/setup notices; stable pattern across all versions of this package with SLSA provenance. ai
bogus-package bogus-package AI (bogus-package): Internal monorepo utility package; missing keywords and minimal README are expected and not risk indicators. ai

Versions (showing 41 of 41)

Version Deps Published
4.25.3 4 / 14
4.25.2 4 / 14
4.25.1 4 / 14
4.25.0 4 / 14
4.24.0 4 / 14
4.23.0 4 / 14
4.22.1 4 / 14
4.22.0 4 / 14
4.21.0 4 / 14
4.20.0 4 / 14
4.19.1 4 / 14
4.19.0 4 / 14
4.18.0 4 / 14
4.17.1 4 / 14
4.17.0 4 / 14
4.16.0 4 / 14
4.15.0 4 / 14
4.14.0 5 / 14
4.13.1 5 / 14
4.13.0 5 / 14
4.12.2 5 / 14
4.12.1 5 / 14
4.12.0 5 / 14
4.11.0 5 / 14
4.10.2 5 / 14
4.10.1 5 / 14
4.10.0 5 / 14
4.9.0 5 / 14
4.8.7 5 / 14
4.8.6 5 / 14
4.8.5 5 / 14
4.8.4 5 / 14
4.8.3 5 / 14
4.8.2 5 / 14
4.8.1 5 / 14
3.47.8 6 / 7
3.47.7 6 / 7
3.47.6 6 / 7
3.47.5 6 / 7
3.47.4 6 / 7
2.22.1 6 / 4

v4.25.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.25.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.25.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.25.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.24.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.23.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.22.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.22.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.21.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.20.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.19.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.19.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.18.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.17.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.17.0

3 findings
HIGH New obfuscated file: dist/runtime/_chunks/index-bgWBrAaq.d.mts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/runtime/_chunks/index-JGjZaAzP.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.16.0

3 findings
HIGH New obfuscated file: dist/runtime/_chunks/index-U8nAlSHe.d.mts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/runtime/_chunks/index-B5XpCs9l.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.15.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.14.0

3 findings
HIGH New obfuscated file: dist/runtime/index-Ch3QvM-g.d.mts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/runtime/index-DAac51Y8.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.13.1

3 findings
HIGH New obfuscated file: dist/runtime/index-6_Jyf0c_.d.mts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/runtime/index-EYzZSxSE.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.13.0

3 findings
HIGH New obfuscated file: dist/runtime/index-6_Jyf0c_.d.mts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/runtime/index-EYzZSxSE.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.11.0

3 findings
HIGH New obfuscated file: dist/runtime/index-zA2KhmuI.d.mts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/runtime/index-BqLLE-vc.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.10.1

3 findings
HIGH New obfuscated file: dist/runtime/index-F0BR-V87.d.mts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/runtime/index-BTdJ4Y4V.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.47.8

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.47.6

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.