← Home

@clerk/themes

100
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

colinclerkbradenclerknikosdouvlisjescalanbkalowdominic-clerk

Keywords

reactnextauthauthenticationpasswordlesssessionjwtcustomisationthemes

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
provenance publisher-changed AI (provenance): Clerk org transitioned to GitHub Actions CI publishing; SLSA attestation confirms legitimate supply chain. ai
phantom-deps phantom-dep:tslib AI (phantom-deps): tslib is a declared runtime dependency used implicitly by compiled TypeScript output; stable false positive. ai

Versions (showing 100 of 179)

Version Deps Published
2.4.63 2 / 1
2.4.62 2 / 1
2.4.61 2 / 1
2.4.60 2 / 1
2.4.59 2 / 1
2.4.58 2 / 1
2.4.57 2 / 1
2.4.56 2 / 1
2.4.55 2 / 1
2.4.54 2 / 1
2.4.53 2 / 1
2.4.52 2 / 1
2.4.51 2 / 1
2.4.50 2 / 1
2.4.49 2 / 1
2.4.48 2 / 1
2.4.47 2 / 1
2.4.46 2 / 1
2.4.45 2 / 1
2.4.44 2 / 1
2.4.43 2 / 1
2.4.42 2 / 1
2.4.41 2 / 1
2.4.40 2 / 1
2.4.39 2 / 1
2.4.38 2 / 1
2.4.37 2 / 1
2.4.36 2 / 1
2.4.35 2 / 1
2.4.34 2 / 1
2.4.33 2 / 1
2.4.32 2 / 1
2.4.31 2 / 1
2.4.30 2 / 1
2.4.29 2 / 1
2.4.28 2 / 1
2.4.27 2 / 1
2.4.26 2 / 1
2.4.25 2 / 1
2.4.24 2 / 1
2.4.23 2 / 1
2.4.22 2 / 1
2.4.21 2 / 1
2.4.20 2 / 1
2.4.19 2 / 1
2.4.18 2 / 1
2.4.17 2 / 1
2.4.16 2 / 1
2.4.15 2 / 1
2.4.14 2 / 1
2.4.13 2 / 1
2.4.12 2 / 1
2.4.11 2 / 1
2.4.10 2 / 1
2.4.9 2 / 1
2.4.8 2 / 1
2.4.7 2 / 1
2.4.6 2 / 1
2.4.5 2 / 1
2.4.4 2 / 1
2.4.3 2 / 0
2.4.2 2 / 0
2.4.1 2 / 0
2.4.0 2 / 0
2.3.3 2 / 0
2.3.2 2 / 0
2.3.1 2 / 0
2.3.0 2 / 0
2.2.56 2 / 0
2.2.55 2 / 0
2.2.54 2 / 0
2.2.53 2 / 0
2.2.52 2 / 0
2.2.51 2 / 0
2.2.50 2 / 0
2.2.49 2 / 0
2.2.48 2 / 0
2.2.47 2 / 0
2.2.46 2 / 0
2.2.45 2 / 0
2.2.44 2 / 0
2.2.43 2 / 0
2.2.42 2 / 0
2.2.41 2 / 0
2.2.40 2 / 0
2.2.39 2 / 0
2.2.38 2 / 0
2.2.37 2 / 0
2.2.36 2 / 0
2.2.35 2 / 0
2.2.34 2 / 0
2.2.33 2 / 0
2.2.32 2 / 0
2.2.31 2 / 0
2.2.30 2 / 0
2.2.29 2 / 0
2.2.28 2 / 0
2.2.27 2 / 0
2.2.26 2 / 0
2.2.25 2 / 0
Showing 100 of 179 Next page →

v2.4.63

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.4.62

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.4.61

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.4.60

2 findings
HIGH Publisher changed: dominic-clerk → GitHub Actions (on 2026-04-22) provenance

This version was published by a different npm account than previous versions on 2026-04-22. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.4.59

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.4.57

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.2.36

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.2.35

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.2.34

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.2.33

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.2.32

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.2.31

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.2.30

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.2.29

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.2.28

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.2.27

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.2.26

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.2.25

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.