@jupyterlab/toc — Greenflagged

JupyterLab - Table of Contents widget

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

darianblink1073jasongroutfcollonvaljtpiombektaskrassowskijupyterlab-release-bot

Keywords

jupyterlab

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
publish-pattern	new-deps-added	AI (publish-pattern): All new deps are canonical JupyterLab/Lumino ecosystem packages. The diff is cross-major-version (5.x vs 6.x), making dependency differences expected and benign for this package.	ai	2026/04/23
source-diff	large-new-source-files	AI (source-diff): Cross-major-version diff (5.x vs 6.x) naturally produces large file count differences. Package has SLSA provenance and is published by the official JupyterLab release bot.	ai	2026/04/23
dependencies	unvetted-dep:@jupyter/react-components	AI (dependencies): @jupyter/react-components is an official Jupyter project package under the @jupyter scope, consistent with JupyterLab's ecosystem. Not a suspicious dependency.	ai	2026/04/23
dependencies	unvetted-dep:@jupyterlab/markdownviewer	AI (dependencies): @jupyterlab/markdownviewer is a first-party JupyterLab package from the same monorepo, published by the same trusted jupyterlab-release-bot. Stable accept for this package.	ai	2026/04/23
typosquat	typosquat.levenshtein:zod	AI (typosquat): Clearly not a typosquat; @jupyterlab/toc is a scoped official JupyterLab package with nearly 3000 days of history.	ai	2026/04/21
typosquat	typosquat.levenshtein:got	AI (typosquat): Clearly not a typosquat; @jupyterlab/toc is a scoped official JupyterLab package with nearly 3000 days of history.	ai	2026/04/21
typosquat	typosquat.levenshtein:koa	AI (typosquat): Clearly not a typosquat; @jupyterlab/toc is a scoped official JupyterLab package with nearly 3000 days of history.	ai	2026/04/21
bogus-package	bogus-package	AI (bogus-package): False positive: @jupyterlab/toc has 2828 days of history and 318 versions. Inflated semver and short README signals do not apply to this long-established package.	ai	2026/04/21
typosquat	typosquat.levenshtein:joi	AI (typosquat): Clearly not a typosquat; @jupyterlab/toc is a scoped official JupyterLab package with nearly 3000 days of history.	ai	2026/04/21

Versions (showing 37 of 137)

Version	Deps	Published
5.1.12	18 / 11	2021-09-22
5.1.11	18 / 11	2021-09-14
5.1.10	18 / 11	2021-09-08
5.1.9	18 / 11	2021-09-01
5.1.8	18 / 11	2021-08-25
5.1.7	18 / 11	2021-08-24
5.1.6	18 / 11	2021-08-16
5.1.5	18 / 11	2021-08-12
5.1.4	18 / 11	2021-08-09
5.1.3	18 / 11	2021-08-05
5.1.2	18 / 11	2021-08-05
5.1.1	18 / 11	2021-08-04
5.1.0	18 / 11	2021-07-27
5.0.14	17 / 10	2021-09-28
5.0.13	17 / 10	2021-08-05
5.0.12	17 / 10	2021-05-18
5.0.11	17 / 10	2021-05-10
5.0.10	17 / 10	2021-04-12
5.0.9	17 / 10	2021-04-08
5.0.8	17 / 10	2021-03-19
5.0.7	17 / 10	2021-03-17
5.0.6	17 / 10	2021-02-22
5.0.5	17 / 10	2021-02-17
5.0.4	17 / 10	2021-01-28
5.0.3	17 / 10	2021-01-14
5.0.2	17 / 10	2021-01-09
5.0.1	17 / 10	2021-01-08
5.0.0	17 / 10	2020-12-24
4.0.0	16 / 10	2020-05-20
3.0.0	16 / 10	2020-03-08
2.0.0	16 / 10	2020-03-03
1.0.1	16 / 10	2019-07-07
0.6.0	15 / 10	2018-10-05
0.5.0	15 / 10	2018-09-11
0.4.0	15 / 10	2018-08-18
0.3.1	15 / 10	2018-07-26
0.3.0	15 / 10	2018-07-25