@khanacademy/wonder-blocks-tabs
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Khan Academy migrated to GitHub Actions publishing with SLSA attestation; expected for this org's packages. | ai | |
| dependencies | unvetted-dep:@khanacademy/wonder-blocks-icon | AI (dependencies): First-party Khan Academy monorepo dependency; stable pattern across all wonder-blocks packages. | ai | |
| dependencies | unvetted-dep:@khanacademy/wonder-blocks-link | AI (dependencies): First-party Khan Academy monorepo dependency; stable pattern across all wonder-blocks packages. | ai | |
| dependencies | unvetted-dep:@khanacademy/wonder-blocks-button | AI (dependencies): First-party Khan Academy monorepo dependency; stable pattern across all wonder-blocks packages. | ai | |
| dependencies | unvetted-dep:@khanacademy/wonder-blocks-core | AI (dependencies): First-party Khan Academy monorepo dependency; stable pattern across all wonder-blocks packages. | ai | |
| dependencies | unvetted-dep:@khanacademy/wonder-blocks-dropdown | AI (dependencies): First-party Khan Academy monorepo dependency; stable pattern across all wonder-blocks packages. | ai | |
| dependencies | unvetted-dep:@khanacademy/wonder-blocks-typography | AI (dependencies): First-party Khan Academy monorepo dependency; stable pattern across all wonder-blocks packages. | ai | |
| dependencies | unvetted-dep:@phosphor-icons/core | AI (dependencies): Well-known open-source icon library; widely used in the ecosystem, no malware indicators. | ai | |
| dependencies | unvetted-dep:@khanacademy/wonder-blocks-tokens | AI (dependencies): First-party Khan Academy monorepo dependency; stable pattern across all wonder-blocks packages. | ai |
Versions (showing 51 of 60)
| Version | Deps | Published |
|---|---|---|
| 0.5.16 | 8 / 1 | |
| 0.5.15 | 8 / 1 | |
| 0.5.14 | 8 / 1 | |
| 0.5.13 | 8 / 1 | |
| 0.5.12 | 8 / 1 | |
| 0.5.11 | 8 / 1 | |
| 0.5.10 | 8 / 1 | |
| 0.5.9 | 8 / 1 | |
| 0.5.8 | 8 / 1 | |
| 0.5.7 | 8 / 1 | |
| 0.5.6 | 8 / 1 | |
| 0.5.5 | 8 / 1 | |
| 0.5.4 | 8 / 1 | |
| 0.5.3 | 8 / 1 | |
| 0.5.2 | 8 / 1 | |
| 0.5.1 | 8 / 1 | |
| 0.5.0 | 8 / 1 | |
| 0.4.3 | 3 / 1 | |
| 0.4.2 | 3 / 1 | |
| 0.4.1 | 3 / 1 | |
| 0.4.0 | 3 / 1 | |
| 0.3.37 | 3 / 1 | |
| 0.3.36 | 3 / 1 | |
| 0.3.35 | 3 / 1 | |
| 0.3.34 | 3 / 1 | |
| 0.3.33 | 3 / 1 | |
| 0.3.32 | 3 / 1 | |
| 0.3.31 | 3 / 1 | |
| 0.3.30 | 3 / 1 | |
| 0.3.29 | 3 / 1 | |
| 0.3.28 | 3 / 1 | |
| 0.3.27 | 3 / 1 | |
| 0.3.26 | 3 / 1 | |
| 0.3.25 | 3 / 1 | |
| 0.3.24 | 3 / 1 | |
| 0.3.23 | 3 / 1 | |
| 0.3.22 | 3 / 1 | |
| 0.3.21 | 3 / 1 | |
| 0.3.20 | 3 / 1 | |
| 0.3.19 | 3 / 1 | |
| 0.3.18 | 3 / 1 | |
| 0.3.17 | 3 / 1 | |
| 0.3.16 | 3 / 1 | |
| 0.3.15 | 3 / 1 | |
| 0.3.14 | 3 / 1 | |
| 0.3.13 | 3 / 1 | |
| 0.3.12 | 3 / 1 | |
| 0.3.11 | 3 / 1 | |
| 0.3.10 | 3 / 1 | |
| 0.3.9 | 3 / 1 | |
| 0.3.8 | 3 / 1 |
v0.5.16
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.15
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.14
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.13
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.12
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.11
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.0
2 findingsThis version was published by a different npm account than previous versions on 2025-12-04. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.37
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.36
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.35
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.34
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.33
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.32
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.31
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.30
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.29
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.28
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.27
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.26
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.25
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.24
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.23
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.22
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.21
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.20
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.19
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.18
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.17
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.16
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.15
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.14
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.13
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.