← Home

@myst-theme/landing-pages

npm Repository Homepage

[![myst-demo on npm](https://img.shields.io/npm/v/@myst-theme/landing-pages.svg)](https://www.npmjs.com/package/@myst-theme/landing-pages) [![MIT License](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/curvenote/curvenote/blob/main

11
Versions
MIT
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

ebp-botrowanc1stevejpurvesagoose77

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
phantom-deps phantom-dep:myst-spec AI (phantom-deps): Type/config-only dependency in myst-theme monorepo; not directly imported but legitimately declared. ai
phantom-deps phantom-dep:myst-config AI (phantom-deps): Same monorepo sibling; config-file reference pattern is stable across versions. ai
phantom-deps phantom-dep:myst-spec-ext AI (phantom-deps): Same monorepo sibling; config-file reference pattern is stable across versions. ai
phantom-deps phantom-dep:myst-frontmatter AI (phantom-deps): Same monorepo sibling; config-file reference pattern is stable across versions. ai
bogus-package bogus-package AI (bogus-package): Scoped monorepo package; sparse README and no keywords are expected for internal component packages. ai

Versions (showing 11 of 11)

Version Deps Published
1.3.0 10 / 0
1.2.2 10 / 0
1.2.0 10 / 0
1.1.4 10 / 0
1.1.3 10 / 0
1.1.2 10 / 0
1.1.1 10 / 0
1.1.0 10 / 0
1.0.1 10 / 0
1.0.0 10 / 0
0.18.0 10 / 0

v1.3.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.2.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.2.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.18.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.