@commercetools-frontend/mc-html-template

Everything related to render the index.html for a MC application

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

tdeekensemmenkocommercetools-admin

Keywords

javascriptfrontendreacttoolkit

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:dist/generate-template-Dqgy-ei1.cjs.dev.js	AI (source-diff): Long lines are inlined HTML template strings, not obfuscation; stable pattern for this build tool package.	ai	2026/05/18
source-diff	obfuscated-file:dist/generate-template-Dqgy-ei1.cjs.prod.js	AI (source-diff): Long lines are inlined HTML template strings, not obfuscation; stable pattern for this build tool package.	ai	2026/05/18
source-diff	obfuscated-file:dist/generate-template-775d54b0.cjs.prod.js	AI (source-diff): Long lines are HTML template strings bundled as CJS; not obfuscated malicious code.	ai	2026/05/06
source-diff	obfuscated-file:dist/generate-template-92ee209d.cjs.dev.js	AI (source-diff): Long lines are HTML template strings bundled as CJS; not obfuscated malicious code.	ai	2026/05/06
phantom-deps	phantom-dep:uglifycss	AI (phantom-deps): Build-tool dep referenced in config, not directly imported; stable false positive for this package.	ai	2026/04/30
phantom-deps	phantom-dep:@babel/runtime	AI (phantom-deps): Framework-scoped package loaded by convention; stable false positive for this package.	ai	2026/04/30
phantom-deps	phantom-dep:uglify-js	AI (phantom-deps): Build-tool dep referenced in config, not directly imported; stable false positive for this package.	ai	2026/04/30

Versions (showing 26 of 26)

Version	Deps	Published
27.6.2	7 / 4	2026-05-18
27.6.1	7 / 4	2026-05-18
27.6.0	7 / 4	2026-05-14
27.5.4	7 / 4	2026-05-13
27.5.3	7 / 4	2026-05-12
27.5.2	7 / 4	2026-05-11
27.5.1	7 / 4	2026-05-07
27.5.0	7 / 4	2026-05-05
27.4.2	7 / 4	2026-04-22
27.4.1	7 / 4	2026-04-16
27.4.0	7 / 4	2026-04-13
27.3.0	7 / 4	2026-04-13
27.2.0	7 / 4	2026-03-31
27.1.0	7 / 4	2026-03-23
27.0.0	7 / 4	2026-03-11
26.1.0	7 / 4	2026-02-25
26.0.2	7 / 4	2026-02-23
26.0.1	7 / 4	2026-02-19
26.0.0	7 / 4	2026-02-11
25.2.0	7 / 4	2026-02-04
25.1.0	7 / 4	2026-01-13
25.0.0	7 / 4	2026-01-08
24.13.0	7 / 4	2025-12-15
24.12.0	7 / 4	2025-12-09
24.11.0	7 / 4	2025-11-12
24.10.0	7 / 4	2025-10-31

v27.6.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v27.6.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v27.6.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v27.5.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v27.5.3

3 findings

HIGH New obfuscated file: dist/generate-template-Dqgy-ei1.cjs.dev.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/generate-template-Dqgy-ei1.cjs.prod.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v27.5.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v27.5.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v27.5.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v27.4.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v27.4.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v27.3.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v27.2.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v27.1.0

3 findings

HIGH New obfuscated file: dist/generate-template-775d54b0.cjs.prod.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/generate-template-92ee209d.cjs.dev.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v27.0.0

3 findings

HIGH New obfuscated file: dist/generate-template-775d54b0.cjs.prod.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/generate-template-92ee209d.cjs.dev.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v26.1.0

3 findings

HIGH New obfuscated file: dist/generate-template-775d54b0.cjs.prod.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/generate-template-92ee209d.cjs.dev.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v26.0.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v26.0.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v26.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v25.2.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v25.1.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v25.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v24.13.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v24.12.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v24.11.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v24.10.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.