@jupyterlab/rendermime-interfaces

JupyterLab - Interfaces for Mime Renderers

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

darianblink1073jasongroutfcollonvaljtpiombektaskrassowskijupyterlab-release-bot

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	missing-githead	AI (provenance): Missing gitHead is consistent with the switch to jupyterlab-release-bot CI/CD pipeline; no malicious indicators present.	ai	2026/04/23
maintainer-change	maintainer-added	AI (maintainer-change): JupyterLab transitioned to a release-bot model; new maintainers are known JupyterLab contributors/infrastructure. This pattern is stable for this package.	ai	2026/04/23
maintainer-change	maintainer-removed	AI (maintainer-change): Large maintainer removal reflects JupyterLab's documented transition to release-bot automation. Historical contributors stepping back is expected and stable for this package.	ai	2026/04/23
provenance	publisher-changed	AI (provenance): JupyterLab migrated from jupyterlab-release-bot to GitHub Actions with SLSA provenance attestation — a legitimate and more secure CI/CD publishing transition for this well-established package.	ai	2026/04/23
dependencies	unvetted-dep:@lumino/widgets	AI (dependencies): Core Lumino dependency within JupyterLab ecosystem; unvetted status is acceptable for established transitive dependencies.	ai	2026/04/21
dependencies	unvetted-dep:@lumino/coreutils	AI (dependencies): Core Lumino dependency within JupyterLab ecosystem; unvetted status is acceptable for established transitive dependencies.	ai	2026/04/21
bogus-package	bogus-package	AI (bogus-package): Well-known JupyterLab sub-package with 82.7k weekly downloads; README and keyword signals are false positives for this scoped interface package.	ai	2026/04/21

Versions (showing 61 of 161)

Version	Deps	Published
3.1.13	3 / 3	2021-09-27
3.1.12	3 / 3	2021-09-22
3.1.11	3 / 3	2021-09-14
3.1.10	3 / 3	2021-09-08
3.1.9	3 / 3	2021-09-01
3.1.8	3 / 3	2021-08-25
3.1.7	3 / 3	2021-08-24
3.1.6	3 / 3	2021-08-16
3.1.5	3 / 3	2021-08-12
3.1.4	3 / 3	2021-08-09
3.1.3	3 / 3	2021-08-05
3.1.2	3 / 3	2021-08-05
3.1.1	3 / 3	2021-08-04
3.1.0	3 / 3	2021-07-27
3.0.10	3 / 3	2021-08-05
3.0.9	3 / 3	2021-05-18
3.0.8	3 / 3	2021-05-10
3.0.7	3 / 3	2021-04-12
3.0.6	3 / 3	2021-04-08
3.0.5	3 / 3	2021-02-22
3.0.4	3 / 3	2021-02-17
3.0.3	3 / 3	2021-01-28
3.0.2	3 / 3	2021-01-09
3.0.1	3 / 3	2021-01-08
3.0.0	3 / 3	2020-12-24
2.3.0	2 / 3	2021-03-19
2.2.1	2 / 3	2020-10-23
2.2.0	2 / 3	2020-07-15
2.1.0	2 / 3	2020-04-06
2.0.1	2 / 3	2020-03-06
2.0.0	2 / 3	2020-02-28
1.5.0	2 / 3	2019-10-29
1.4.0	2 / 3	2019-08-28
1.3.1	2 / 3	2019-08-16
1.3.0	2 / 3	2019-06-28
1.2.1	2 / 3	2018-10-05
1.1.7	2 / 2	2018-08-24
1.1.6	2 / 2	2018-08-21
1.1.5	2 / 2	2018-08-18
1.1.3	2 / 2	2018-08-16
1.1.2	2 / 2	2018-07-27
1.1.1	2 / 2	2018-07-25
1.0.10	2 / 2	2018-04-28
1.0.9	2 / 2	2018-04-16
1.0.8	2 / 2	2018-04-14
1.0.7	2 / 2	2018-04-11
1.0.6	2 / 2	2018-02-06
1.0.5	2 / 2	2018-02-05
1.0.4	2 / 2	2018-01-25
1.0.3	2 / 2	2018-01-13
1.0.2	2 / 2	2018-01-10
1.0.1	2 / 2	2017-12-23
1.0.0	2 / 2	2017-12-23
0.4.3	2 / 2	2017-12-02
0.4.2	2 / 2	2017-11-09
0.4.1	2 / 2	2017-10-13
0.4.0	2 / 2	2017-10-12
0.3.1	2 / 2	2017-08-23
0.3.0	2 / 2	2017-07-21
0.2.1	2 / 2	2017-07-11
0.2.0	2 / 2	2017-07-07

v3.1.13

2 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: blink1073.