@htmlbricks/hb-checkout
End-to-end checkout flow: editable billing/shipping user profile (`hb-form`), shipment method choice, optional card form, Google Pay (`@google-pay/button-element`), and PayPal via `hb-payment-paypal` according to `gateways` and `payment` JSON. Parses stri
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): Fires on Svelte-compiled IIFE bundle output; not obfuscation, stable pattern for this package. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Scoped component library in a large monorepo; missing repo/keywords/deps is a consistent metadata pattern, not spam. | ai |
Versions (showing 51 of 243)
| Version | Deps | Published |
|---|---|---|
| 0.76.5 | 0 / 0 | |
| 0.76.4 | 0 / 0 | |
| 0.76.3 | 0 / 0 | |
| 0.76.2 | 0 / 0 | |
| 0.76.1 | 0 / 0 | |
| 0.76.0 | 0 / 0 | |
| 0.74.1 | 0 / 0 | |
| 0.74.0 | 0 / 0 | |
| 0.73.7 | 0 / 0 | |
| 0.73.5 | 0 / 0 | |
| 0.73.4 | 0 / 0 | |
| 0.73.3 | 0 / 0 | |
| 0.73.2 | 0 / 0 | |
| 0.73.1 | 0 / 0 | |
| 0.73.0 | 0 / 0 | |
| 0.72.1 | 0 / 0 | |
| 0.72.0 | 0 / 0 | |
| 0.71.37 | 0 / 0 | |
| 0.71.36 | 0 / 0 | |
| 0.71.35 | 0 / 0 | |
| 0.71.34 | 0 / 0 | |
| 0.71.33 | 0 / 0 | |
| 0.71.32 | 0 / 0 | |
| 0.71.30 | 0 / 0 | |
| 0.71.29 | 0 / 0 | |
| 0.71.28 | 0 / 0 | |
| 0.71.27 | 0 / 0 | |
| 0.71.26 | 0 / 0 | |
| 0.71.25 | 0 / 0 | |
| 0.71.24 | 0 / 0 | |
| 0.71.23 | 0 / 0 | |
| 0.71.22 | 0 / 0 | |
| 0.71.21 | 0 / 0 | |
| 0.71.20 | 0 / 0 | |
| 0.71.19 | 0 / 0 | |
| 0.71.18 | 0 / 0 | |
| 0.71.16 | 0 / 0 | |
| 0.71.15 | 0 / 0 | |
| 0.71.14 | 0 / 0 | |
| 0.71.13 | 0 / 0 | |
| 0.71.12 | 0 / 0 | |
| 0.71.10 | 0 / 0 | |
| 0.71.9 | 0 / 0 | |
| 0.71.8 | 0 / 0 | |
| 0.71.7 | 0 / 0 | |
| 0.71.6 | 0 / 0 | |
| 0.71.4 | 0 / 0 | |
| 0.71.3 | 0 / 0 | |
| 0.71.2 | 0 / 0 | |
| 0.71.1 | 0 / 0 | |
| 0.71.0 | 0 / 0 |
v0.76.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.76.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.76.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.76.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.76.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.76.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.74.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.74.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.73.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.73.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.73.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.73.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.73.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.73.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.73.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.72.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.72.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.71.37
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.71.36
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.71.35
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.71.34
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.71.33
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.71.32
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.71.30
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.71.29
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.71.28
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.71.27
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.71.26
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.71.25
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.71.24
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.71.23
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.71.22
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.71.21
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.71.20
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.71.19
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.71.18
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.71.16
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.71.15
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.71.14
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.71.13
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.71.12
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.71.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.71.9
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.71.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.71.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.71.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.71.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.71.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.71.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.71.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.71.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.