← Home

@clerk/themes

51
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

colinclerkbradenclerknikosdouvlisjescalanbkalowdominic-clerk

Keywords

reactnextauthauthenticationpasswordlesssessionjwtcustomisationthemes

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
provenance publisher-changed AI (provenance): Clerk org transitioned to GitHub Actions CI publishing; SLSA attestation confirms legitimate supply chain. ai
phantom-deps phantom-dep:tslib AI (phantom-deps): tslib is a declared runtime dependency used implicitly by compiled TypeScript output; stable false positive. ai

Versions (showing 51 of 179)

View all versions
Version Deps Published
2.4.63 2 / 1
2.4.62 2 / 1
2.4.61 2 / 1
2.4.60 2 / 1
2.4.59 2 / 1
2.4.58 2 / 1
2.4.57 2 / 1
2.4.56 2 / 1
2.4.55 2 / 1
2.4.54 2 / 1
2.4.53 2 / 1
2.4.52 2 / 1
2.4.51 2 / 1
2.4.50 2 / 1
2.4.49 2 / 1
2.4.48 2 / 1
2.4.47 2 / 1
2.4.46 2 / 1
2.4.45 2 / 1
2.4.44 2 / 1
2.4.43 2 / 1
2.4.42 2 / 1
2.4.41 2 / 1
2.4.40 2 / 1
2.4.39 2 / 1
2.4.38 2 / 1
2.4.37 2 / 1
2.4.36 2 / 1
2.4.35 2 / 1
2.4.34 2 / 1
2.4.33 2 / 1
2.4.32 2 / 1
2.4.31 2 / 1
2.4.30 2 / 1
2.4.29 2 / 1
2.4.28 2 / 1
2.4.27 2 / 1
2.4.26 2 / 1
2.4.25 2 / 1
2.4.24 2 / 1
2.4.23 2 / 1
2.4.22 2 / 1
2.4.21 2 / 1
2.4.20 2 / 1
2.4.19 2 / 1
2.4.18 2 / 1
2.4.17 2 / 1
2.4.16 2 / 1
2.4.15 2 / 1
2.4.14 2 / 1
2.4.13 2 / 1

v2.4.63

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.4.62

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.4.61

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.4.60

2 findings
HIGH Publisher changed: dominic-clerk → GitHub Actions (on 2026-04-22) provenance

This version was published by a different npm account than previous versions on 2026-04-22. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.4.59

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.4.57

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.