@jupyterlab/outputarea
JupyterLab - Notebook Output Area
4
Versions
BSD-3-Clause
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
No source commit
Maintainers
darianblink1073jasongroutfcollonvaljtpiombektaskrassowskijupyterlab-release-bot
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): JupyterLab migrated release automation from jupyterlab-release-bot to GitHub Actions with SLSA/Sigstore attestation. This is a documented infrastructure change, not a compromise. Generalizes to all future versions. | ai | |
| bogus-package | bogus-package | AI (bogus-package): @jupyterlab/outputarea is a well-known monorepo sub-package with 66.5k weekly downloads and 431 versions. Minimal README and no keywords are consistent across the entire JupyterLab monorepo; not a spam indicator. | ai |
Versions (showing 4 of 204)
| Version | Deps | Published |
|---|---|---|
| 0.3.0 | 10 / 2 | |
| 0.2.0 | 10 / 2 | |
| 0.1.3 | 10 / 2 | |
| 0.1.2 | 10 / 2 |
v0.3.0
1 finding
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.0
1 finding
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.3
1 finding
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.2
1 finding
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.