@elementor/editor-editing-panel

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

kingyesmati1000nevosschenecloud-devops

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
npm-metadata	no-description	AI (npm-metadata): Monorepo package with documented homepage and repo; missing description is stable pattern.	ai	2026/05/15
provenance	no-provenance	AI (provenance): Established publisher; provenance absence is common in legacy packages and not a security blocker.	ai	2026/05/15
dependencies	unvetted-dep:@elementor/editor-interactions	AI (dependencies): Sibling @elementor monorepo package; same trust context as other accepted @elementor/* deps.	ai	2026/04/30
dependencies	unvetted-dep:@elementor/editor-styles-repository	AI (dependencies): Sibling @elementor monorepo package; same trust context as other accepted @elementor/* deps.	ai	2026/04/30
dependencies	unvetted-dep:@elementor/editor	AI (dependencies): Sibling Elementor monorepo package; stable false positive for this package.	ai	2026/04/29
dependencies	unvetted-dep:@elementor/schema	AI (dependencies): Sibling Elementor monorepo package; stable false positive for this package.	ai	2026/04/29
dependencies	unvetted-dep:@elementor/session	AI (dependencies): Sibling Elementor monorepo package; stable false positive for this package.	ai	2026/04/29
dependencies	unvetted-dep:@elementor/wp-media	AI (dependencies): Sibling Elementor monorepo package; stable false positive for this package.	ai	2026/04/29
dependencies	unvetted-dep:@elementor/editor-ui	AI (dependencies): Sibling Elementor monorepo package; stable false positive for this package.	ai	2026/04/29
dependencies	unvetted-dep:@elementor/locations	AI (dependencies): Sibling Elementor monorepo package; stable false positive for this package.	ai	2026/04/29
dependencies	unvetted-dep:@elementor/editor-props	AI (dependencies): Sibling Elementor monorepo package; stable false positive for this package.	ai	2026/04/29
dependencies	unvetted-dep:@elementor/editor-canvas	AI (dependencies): Sibling Elementor monorepo package; stable false positive for this package.	ai	2026/04/29
dependencies	unvetted-dep:@elementor/ui	AI (dependencies): Sibling Elementor monorepo package; stable false positive for this package.	ai	2026/04/29
dependencies	unvetted-dep:@elementor/editor-styles	AI (dependencies): Sibling Elementor monorepo package; stable false positive for this package.	ai	2026/04/29
dependencies	unvetted-dep:@elementor/editor-controls	AI (dependencies): Sibling Elementor monorepo package; stable false positive for this package.	ai	2026/04/29
dependencies	unvetted-dep:@elementor/editor-elements	AI (dependencies): Sibling Elementor monorepo package; stable false positive for this package.	ai	2026/04/29
dependencies	unvetted-dep:@elementor/editor-documents	AI (dependencies): Sibling Elementor monorepo package; stable false positive for this package.	ai	2026/04/29
dependencies	unvetted-dep:@elementor/editor-variables	AI (dependencies): Sibling Elementor monorepo package; stable false positive for this package.	ai	2026/04/29
dependencies	unvetted-dep:@elementor/editor-responsive	AI (dependencies): Sibling Elementor monorepo package; stable false positive for this package.	ai	2026/04/29
dependencies	unvetted-dep:@elementor/editor-v1-adapters	AI (dependencies): Sibling Elementor monorepo package; stable false positive for this package.	ai	2026/04/29
dependencies	unvetted-dep:@elementor/editor-panels	AI (dependencies): Sibling Elementor monorepo package; stable false positive for this package.	ai	2026/04/29
dependencies	unvetted-dep:@elementor/icons	AI (dependencies): Sibling Elementor monorepo package; stable false positive for this package.	ai	2026/04/29
dependencies	unvetted-dep:@elementor/menus	AI (dependencies): Sibling Elementor monorepo package; stable false positive for this package.	ai	2026/04/29
dependencies	unvetted-dep:@elementor/utils	AI (dependencies): Sibling Elementor monorepo package; stable false positive for this package.	ai	2026/04/29

Versions (showing 18 of 18)

Version	Deps	Published
4.0.9	23 / 1	2026-05-19
4.0.8	23 / 1	2026-05-12
4.0.7	23 / 1	2026-05-06
4.0.5	23 / 1	2026-04-30
4.0.4	23 / 1	2026-04-28
4.0.0	23 / 1	2026-03-30
3.35.9	22 / 1	2026-03-25
3.35.8	22 / 1	2026-03-23
3.35.7	22 / 1	2026-03-11
3.35.6	22 / 1	2026-03-03
3.35.5	22 / 1	2026-02-17
3.35.4	22 / 1	2026-02-11
3.35.3	22 / 1	2026-02-05
3.35.2	22 / 1	2026-02-05
3.35.1	22 / 1	2026-02-04
3.35.0	22 / 1	2026-02-02
3.34.3	22 / 1	2026-01-26
3.34.2	22 / 1	2026-01-20

v4.0.9

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.8

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.7

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.5

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.35.9

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.35.8

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.35.7

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.35.6

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.35.5

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.35.4

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.35.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.35.2

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.35.1

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.35.0

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.34.3

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.34.2

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.