@lblod/ember-rdfa-editor-lblod-plugins
Ember addon providing lblod specific plugins for the ember-rdfa-editor
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | rapid-publish | AI (publish-pattern): High-velocity org with 532 versions; rapid publishes are normal CI/CD behavior for this package. | ai | |
| dependencies | unvetted-dep:@lblod/marawa | AI (dependencies): First-party @lblod org package; same publisher org as this addon. | ai | |
| dependencies | unvetted-dep:@lblod/lib-decision-shapes | AI (dependencies): First-party @lblod org package; same publisher org as this addon. | ai | |
| dependencies | unvetted-dep:@lblod/template-uuid-instantiator | AI (dependencies): First-party @lblod org package; same publisher org as this addon. | ai | |
| dependencies | unvetted-dep:n2words | AI (dependencies): Well-known number-to-words utility; low risk for this addon's use case. | ai | |
| phantom-deps | phantom-dep:ember-cli-babel | AI (phantom-deps): Ember build tooling; loaded by convention not direct import. | ai | |
| phantom-deps | phantom-dep:ember-resources | AI (phantom-deps): Ember addon; may be used via template/registry without direct JS import. | ai | |
| phantom-deps | phantom-dep:ember-template-imports | AI (phantom-deps): Ember build tooling; loaded by convention. | ai | |
| phantom-deps | phantom-dep:rdf-ext | AI (phantom-deps): RDF library; may be used indirectly via other RDF deps. | ai | |
| phantom-deps | phantom-dep:@rdfjs/parser-n3 | AI (phantom-deps): RDF library; may be used indirectly. | ai | |
| phantom-deps | phantom-dep:buffer | AI (phantom-deps): Browser polyfill declared for webpack config; standard Ember/embroider pattern. | ai | |
| phantom-deps | phantom-dep:@babel/core | AI (phantom-deps): Framework-scoped build dep; loaded by convention. | ai | |
| phantom-deps | phantom-dep:@lblod/lib-decision-shapes | AI (phantom-deps): Same org scope; likely used via data files not direct JS import. | ai | |
| phantom-deps | phantom-dep:@types/rdfjs__parser-n3 | AI (phantom-deps): Type-only package; not directly imported at runtime. | ai | |
| phantom-deps | phantom-dep:@types/rdf-validate-shacl | AI (phantom-deps): Type-only package; not directly imported at runtime. | ai | |
| provenance | no-provenance | AI (provenance): Established LBLOD org package; lack of provenance is common and not a risk signal here. | ai | |
| phantom-deps | phantom-dep:@rdfjs/data-model | AI (phantom-deps): RDF library; may be used indirectly. | ai | |
| phantom-deps | phantom-dep:process | AI (phantom-deps): Browser polyfill declared for webpack config; standard Ember/embroider pattern. | ai | |
| phantom-deps | phantom-dep:crypto-browserify | AI (phantom-deps): Browser polyfill declared for webpack config; standard Ember/embroider pattern. | ai | |
| phantom-deps | phantom-dep:stream-browserify | AI (phantom-deps): Browser polyfill declared for webpack config; standard Ember/embroider pattern. | ai | |
| phantom-deps | phantom-dep:ember-auto-import | AI (phantom-deps): Ember build tooling; loaded by convention not direct import. | ai | |
Versions (showing 15 of 15)
| Version | Deps | Published |
|---|---|---|
| 37.0.3 | 38 / 87 | |
| 37.0.2 | 38 / 87 | |
| 36.0.0 | 38 / 87 | |
| 35.6.0 | 38 / 87 | |
| 35.4.0 | 38 / 86 | |
| 35.3.0 | 38 / 87 | |
| 35.2.0 | 38 / 87 | |
| 35.1.2 | 38 / 87 | |
| 34.1.1 | 38 / 87 | |
| 34.1.0 | 38 / 87 | |
| 34.0.2 | 38 / 87 | |
| 34.0.1 | 38 / 87 | |
| 33.4.0 | 38 / 87 | |
| 33.3.0 | 38 / 87 | |
| 33.2.0 | 38 / 87 | |
v37.0.3
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v37.0.2
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v36.0.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v35.6.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v35.4.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v35.3.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v35.2.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v35.1.2
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v34.1.1
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v34.1.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v34.0.2
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v34.0.1
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v33.4.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v33.3.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v33.2.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.