@jupyterlab/workspaces-extension No license 19 versions

@jupyterlab/workspaces-extension

npm Repository Homepage

19

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

darianblink1073jasongroutsylvaincorlayminrkzsailertelamonianfcollonvaljtpiogoanpecambektasloichuderkrassowskijupyter-server-release-botjupyterlab-release-botrrosio

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): JupyterLab migrated releases to GitHub Actions CI; SLSA attestation confirms legitimate CI publish.	ai	2026/05/07
publish-pattern	dormant-publish	AI (publish-pattern): Dormancy reflects release cadence of the JupyterLab monorepo, not account takeover; SLSA attestation present.	ai	2026/05/07
maintainer-change	maintainer-added	AI (maintainer-change): New maintainer rrosio is consistent with JupyterLab org contributor additions; SLSA provenance corroborates legitimacy.	ai	2026/05/07

Versions (showing 19 of 19)

Version	Deps	Published
4.5.8	12 / 3	2026-06-04
4.5.7	12 / 3	2026-04-29
4.5.6	12 / 3	2026-03-11
4.5.5	12 / 3	2026-02-23
4.5.4	12 / 3	2026-02-11
4.5.3	12 / 3	2026-01-23
4.5.2	12 / 3	2026-01-12
4.5.1	12 / 3	2025-12-15
4.5.0	12 / 3	2025-11-18
4.4.10	12 / 3	2025-10-22
4.4.9	12 / 3	2025-09-26
4.4.8	12 / 3	2025-09-25
4.4.7	12 / 3	2025-09-03
4.4.6	12 / 3	2025-08-15
4.4.5	12 / 3	2025-07-20
4.4.4	12 / 3	2025-06-28
4.4.3	12 / 3	2025-05-26
4.4.2	12 / 3	2025-05-06
4.3.8	10 / 3	2025-06-24

v4.5.8

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.5.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.5.6

2 findings

HIGH Publisher changed: jupyterlab-release-bot → GitHub Actions (on 2026-03-11) provenance

This version was published by a different npm account than previous versions on 2026-03-11. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.5.5

2 findings

HIGH Publisher changed: jupyterlab-release-bot → GitHub Actions (on 2026-02-23) provenance

This version was published by a different npm account than previous versions on 2026-02-23. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.5.4

2 findings

HIGH Publisher changed: jupyterlab-release-bot → GitHub Actions (on 2026-02-11) provenance

This version was published by a different npm account than previous versions on 2026-02-11. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.5.3

2 findings

HIGH Publisher changed: jupyterlab-release-bot → GitHub Actions (on 2026-01-23) provenance

This version was published by a different npm account than previous versions on 2026-01-23. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.5.2

2 findings

HIGH Publisher changed: jupyterlab-release-bot → GitHub Actions (on 2026-01-12) provenance

This version was published by a different npm account than previous versions on 2026-01-12. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.5.1

2 findings

HIGH Publisher changed: jupyterlab-release-bot → GitHub Actions (on 2025-12-15) provenance

This version was published by a different npm account than previous versions on 2025-12-15. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.5.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.4.10

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.4.9

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.4.8

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.4.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.4.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.4.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.4.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.4.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.4.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.3.8

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.