@jupyterlab/git — Greenflagged

A JupyterLab extension for version control using git

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

darianblink1073jasongroutsylvaincorlayminrkzsailertelamonianfcollonvaljtpiogoanpecambektasloichuderkrassowskijupyter-server-release-botjupyterlab-release-botrrosio

Keywords

JupyterJupyterLabjupyterlab-extensionGit

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
publish-pattern	dormant-publish	AI (publish-pattern): Official jupyterlab org package with SLSA provenance; long gap between releases is plausible for a mature extension.	ai	2026/05/16
dependencies	unvetted-dep:nbdime	AI (dependencies): nbdime is a well-known Jupyter project; stable dependency for this package.	ai	2026/05/16
dependencies	unvetted-dep:nbdime-jupyterlab	AI (dependencies): nbdime-jupyterlab is the JupyterLab integration of nbdime; stable dependency for this package.	ai	2026/05/16
phantom-deps	phantom-dep:react-dom	AI (phantom-deps): Peer/config dependency in JupyterLab extension pattern.	ai	2026/04/29
phantom-deps	phantom-dep:@mui/styles	AI (phantom-deps): Referenced in config files per JupyterLab extension pattern.	ai	2026/04/29
phantom-deps	phantom-dep:@emotion/react	AI (phantom-deps): Config-level dependency in JupyterLab extension pattern.	ai	2026/04/29
typosquat	typosquat.levenshtein:got	AI (typosquat): Established JupyterLab extension; name similarity to 'got' is coincidental, not a typosquat.	ai	2026/04/29
phantom-deps	phantom-dep:nbdime-jupyterlab	AI (phantom-deps): Declared as singleton in jupyterlab sharedPackages config, not directly imported.	ai	2026/04/29
phantom-deps	phantom-dep:@jupyterlab/console	AI (phantom-deps): Same-org JupyterLab peer dependency; config-level reference is expected.	ai	2026/04/29
phantom-deps	phantom-dep:@jupyterlab/terminal	AI (phantom-deps): Same-org JupyterLab peer dependency; config-level reference is expected.	ai	2026/04/29
phantom-deps	phantom-dep:@emotion/styled	AI (phantom-deps): Config-level dependency in JupyterLab extension pattern.	ai	2026/04/29
typosquat	typosquat.levenshtein:vite	AI (typosquat): Established JupyterLab extension; name similarity to 'vite' is coincidental, not a typosquat.	ai	2026/04/29
phantom-deps	phantom-dep:@mui/lab	AI (phantom-deps): JupyterLab singleton/shared-package pattern; declared for bundling config, not direct import.	ai	2026/04/29

Versions (showing 3 of 3)

Version	Deps	Published
0.53.0	39 / 45	2026-04-30
0.52.0	39 / 45	2026-03-02
0.51.3	39 / 45	2025-12-10

v0.53.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.51.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.