@jupyterlab/translation-extension No license 19 versions

@jupyterlab/translation-extension

npm Repository Homepage

19

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

darianblink1073jasongroutfcollonvaljtpiombektaskrassowskijupyterlab-release-bot

Keywords

jupyterjupyterlabjupyterlab-extension

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Transition from jupyterlab-release-bot to GitHub Actions is a CI tooling change for the official jupyterlab org; SLSA attestation confirms integrity.	ai	2026/05/07
publish-pattern	dormant-publish	AI (publish-pattern): Dormancy reflects release cadence of a mature package; SLSA provenance attestation confirms legitimate CI-driven publish.	ai	2026/05/07

Versions (showing 19 of 19)

Version	Deps	Published
4.5.8	5 / 2	2026-06-04
4.5.7	5 / 2	2026-04-29
4.5.6	5 / 2	2026-03-11
4.5.5	5 / 2	2026-02-23
4.5.4	5 / 2	2026-02-11
4.5.3	5 / 2	2026-01-23
4.5.2	5 / 2	2026-01-12
4.5.1	5 / 2	2025-12-15
4.5.0	5 / 2	2025-11-18
4.4.10	5 / 2	2025-10-22
4.4.9	5 / 2	2025-09-26
4.4.8	5 / 2	2025-09-25
4.4.7	5 / 2	2025-09-03
4.4.6	5 / 2	2025-08-15
4.4.5	5 / 2	2025-07-20
4.4.4	5 / 2	2025-06-28
4.4.3	5 / 2	2025-05-26
4.4.2	5 / 2	2025-05-06
4.3.8	5 / 2	2025-06-24

v4.5.8

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.5.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.5.6

2 findings

HIGH Publisher changed: jupyterlab-release-bot → GitHub Actions (on 2026-03-11) provenance

This version was published by a different npm account than previous versions on 2026-03-11. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.5.5

2 findings

HIGH Publisher changed: jupyterlab-release-bot → GitHub Actions (on 2026-02-23) provenance

This version was published by a different npm account than previous versions on 2026-02-23. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.5.4

2 findings

HIGH Publisher changed: jupyterlab-release-bot → GitHub Actions (on 2026-02-11) provenance

This version was published by a different npm account than previous versions on 2026-02-11. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.5.3

2 findings

HIGH Publisher changed: jupyterlab-release-bot → GitHub Actions (on 2026-01-23) provenance

This version was published by a different npm account than previous versions on 2026-01-23. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.5.2

2 findings

HIGH Publisher changed: jupyterlab-release-bot → GitHub Actions (on 2026-01-12) provenance

This version was published by a different npm account than previous versions on 2026-01-12. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.5.1

2 findings

HIGH Publisher changed: jupyterlab-release-bot → GitHub Actions (on 2025-12-15) provenance

This version was published by a different npm account than previous versions on 2025-12-15. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.5.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.4.10

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.4.9

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.4.8

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.4.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.4.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.4.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.4.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.4.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.4.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.3.8

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.