@cntrl-site/sdk-nextjs
SDK for Next.js
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@antfu/eslint-config | AI (dependencies): @antfu/eslint-config is a widely-used ESLint config; no security risk as a build/lint dependency. | ai | |
| phantom-deps | phantom-dep:@types/vimeo__player | AI (phantom-deps): Type-only dep for @vimeo/player; framework convention, stable FP. | ai | |
| semgrep | semgrep:new-function-constructor | AI (semgrep): Used in evaluateComponentBundle.js to execute CMS component bundles — intentional and documented pattern for this SDK. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Legitimate SDK with 433 versions and active GitHub repo; sparse README is cosmetic. | ai | |
Versions (showing 51 of 52)
| Version | Deps | Published |
|---|---|---|
| 1.9.69 | 10 / 14 | |
| 1.9.68 | 10 / 14 | |
| 1.9.67 | 10 / 14 | |
| 1.9.66 | 10 / 14 | |
| 1.9.60 | 10 / 14 | |
| 1.9.57 | 10 / 14 | |
| 1.9.54 | 10 / 13 | |
| 1.9.53 | 10 / 13 | |
| 1.9.52 | 10 / 13 | |
| 1.9.51 | 10 / 13 | |
| 1.9.40 | 10 / 13 | |
| 1.9.37 | 10 / 13 | |
| 1.9.31 | 10 / 13 | |
| 1.9.28 | 10 / 13 | |
| 1.9.27 | 10 / 13 | |
| 1.9.25 | 10 / 13 | |
| 1.9.19 | 10 / 13 | |
| 1.9.16 | 10 / 13 | |
| 1.9.14 | 10 / 13 | |
| 1.9.8 | 9 / 13 | |
| 1.9.6 | 9 / 13 | |
| 1.8.40 | 9 / 11 | |
| 1.8.39 | 9 / 11 | |
| 1.8.38 | 9 / 11 | |
| 1.8.37 | 9 / 11 | |
| 1.8.36 | 9 / 11 | |
| 1.8.35 | 9 / 11 | |
| 1.8.34 | 9 / 11 | |
| 1.8.33 | 9 / 11 | |
| 1.8.32 | 9 / 11 | |
| 1.8.31 | 9 / 11 | |
| 1.8.30 | 9 / 11 | |
| 1.8.29 | 9 / 11 | |
| 1.8.28 | 9 / 11 | |
| 1.8.27 | 9 / 11 | |
| 1.8.26 | 9 / 11 | |
| 1.8.25 | 9 / 11 | |
| 1.8.24 | 9 / 11 | |
| 1.8.23 | 9 / 11 | |
| 1.8.22 | 9 / 11 | |
| 1.8.21 | 9 / 11 | |
| 1.8.19 | 9 / 11 | |
| 1.8.18 | 9 / 11 | |
| 1.8.17 | 9 / 11 | |
| 1.8.14 | 9 / 11 | |
| 1.8.13 | 9 / 11 | |
| 1.8.12 | 9 / 11 | |
| 1.8.11 | 9 / 12 | |
| 1.8.10 | 9 / 11 | |
| 1.8.9 | 9 / 11 | |
| 1.8.8 | 9 / 11 | |
v1.9.69
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.9.68
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.67
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.9.66
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.9.60
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.9.57
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.9.54
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.9.53
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.9.52
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.9.51
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.9.40
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.9.37
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.9.31
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.9.28
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.9.27
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.9.25
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.9.19
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.9.16
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.9.14
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.9.8
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.6
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.40
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.39
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.38
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.37
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.36
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.35
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.34
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.33
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.32
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.31
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.30
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.29
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.28
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.27
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.26
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.25
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.24
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.23
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.22
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.21
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.19
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.18
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.17
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.14
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.13
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.12
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.11
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.10
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.9
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.8.8
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.