@jupyterlab/application

JupyterLab - Application

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

darianblink1073jasongroutfcollonvaljtpiombektaskrassowskijupyterlab-release-bot

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	no-provenance	AI (provenance): Established JupyterLab monorepo package published via release bot; lack of Sigstore provenance is a known gap for this publisher, not a security risk.	ai	2026/04/24
maintainer-change	maintainer-removed	AI (maintainer-change): JupyterLab consolidated publishing to a release bot account; large-scale maintainer removal is expected and consistent with the project's release automation strategy.	ai	2026/04/24
dependencies	unvetted-dep:@phosphor/commands	AI (dependencies): @phosphor/commands is part of the legitimate Phosphor.js framework used throughout JupyterLab.	ai	2026/04/24
dependencies	unvetted-dep:@phosphor/algorithm	AI (dependencies): @phosphor/algorithm is part of the legitimate Phosphor.js framework used throughout JupyterLab.	ai	2026/04/24
dependencies	unvetted-dep:@phosphor/coreutils	AI (dependencies): @phosphor/coreutils is part of the legitimate Phosphor.js framework used throughout JupyterLab.	ai	2026/04/24
dependencies	unvetted-dep:@phosphor/messaging	AI (dependencies): @phosphor/messaging is part of the legitimate Phosphor.js framework used throughout JupyterLab.	ai	2026/04/24
dependencies	unvetted-dep:@phosphor/disposable	AI (dependencies): @phosphor/disposable is part of the legitimate Phosphor.js framework used throughout JupyterLab.	ai	2026/04/24
dependencies	unvetted-dep:@phosphor/properties	AI (dependencies): @phosphor/properties is part of the legitimate Phosphor.js framework used throughout JupyterLab.	ai	2026/04/24
dependencies	unvetted-dep:@phosphor/application	AI (dependencies): @phosphor/application is part of the legitimate Phosphor.js framework used throughout JupyterLab.	ai	2026/04/24
phantom-deps	phantom-dep:font-awesome	AI (phantom-deps): font-awesome is referenced in jupyterlab.extraStyles config for CSS bundling — the documented JupyterLab pattern for CSS assets, not a JS import.	ai	2026/04/24
dependencies	unvetted-dep:@phosphor/signaling	AI (dependencies): @phosphor/signaling is part of the legitimate Phosphor.js framework used throughout JupyterLab.	ai	2026/04/24
dependencies	unvetted-dep:@phosphor/widgets	AI (dependencies): @phosphor/widgets is the legitimate Phosphor.js UI framework, a core dependency of JupyterLab. Not suspicious.	ai	2026/04/24
bogus-package	bogus-package	AI (bogus-package): False positive: @jupyterlab/application is a core JupyterLab package with SLSA provenance. Inflated semver signal is because prior versions aren't in this registry, not because it's a new/spam package.	ai	2026/04/21

Versions (showing 7 of 207)

Version	Deps	Published
0.5.0	7 / 2	2017-05-18
0.4.0	7 / 2	2017-05-09
0.3.1	7 / 2	2017-04-21
0.3.0	7 / 2	2017-04-21
0.2.0	7 / 2	2017-04-04
0.1.3	7 / 2	2017-03-21
0.1.1	7 / 2	2017-03-21