@newrelic/gatsby-theme-newrelic

[![Community Project header](https://github.com/newrelic/opensource-website/raw/master/src/images/categories/Community_Project.png)](https://opensource.newrelic.com/oss-category/#community-project)

Versions: 7
License: Apache-2.0
Install Scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation, npm registry signatures, gitHead linked

Maintainers

newrelic

Keywords

gatsby, gatsby-theme, gatsby-plugin, react, newrelic

Accepted risks

Findings the reviewer chose to accept rather than block on.

| Source | Rule | Reason | Accepted by | When |
| --- | --- | --- | --- | --- |
| dependencies | unvetted-dep:gatsby-plugin-use-dark-mode | AI (dependencies): Standard Gatsby plugin; stable dep. | ai | |
| dependencies | unvetted-dep:use-media | AI (dependencies): Small React hook utility; stable dep in this long-lived package. | ai | |
| dependencies | unvetted-dep:react-typist | AI (dependencies): UI animation library; no security concern for this package. | ai | |
| dependencies | unvetted-dep:use-dark-mode | AI (dependencies): Theme utility; stable dep in this long-lived package. | ai | |
| dependencies | unvetted-dep:gatsby-plugin-layout | AI (dependencies): Standard Gatsby plugin; stable dep in this package. | ai | |
| dependencies | unvetted-dep:gatsby-plugin-portal | AI (dependencies): Standard Gatsby plugin; stable dep in this package. | ai | |
| dependencies | unvetted-dep:react-middle-ellipsis | AI (dependencies): Small UI utility; no security concern. | ai | |
| dependencies | unvetted-dep:gatsby-plugin-newrelic | AI (dependencies): First-party New Relic plugin; stable dep. | ai | |
| dependencies | unvetted-dep:gatsby-plugin-robots-txt | AI (dependencies): Standard SEO plugin; stable dep. | ai | |
| provenance | no-provenance | AI (provenance): New Relic publishes many packages without Sigstore provenance; not a risk signal for this org. | ai | |
| phantom-deps | phantom-dep:gatsby-plugin-emotion | AI (phantom-deps): Config-only reference; stable false positive for this Gatsby theme. | ai | |
| phantom-deps | phantom-dep:gatsby-plugin-sitemap | AI (phantom-deps): Config-only reference; stable false positive for this Gatsby theme. | ai | |
| phantom-deps | phantom-dep:gatsby-plugin-newrelic | AI (phantom-deps): Config-only reference; stable false positive for this Gatsby theme. | ai | |
| semgrep | semgrep:dynamic-require | AI (semgrep): Dynamic require is used only to load locale-specific i18n JSON files by path pattern; not arbitrary module loading. | ai | |
| phantom-deps | phantom-dep:gatsby-transformer-sharp | AI (phantom-deps): Config-only reference; stable false positive for this Gatsby theme. | ai | |
| phantom-deps | phantom-dep:gatsby-plugin-react-helmet | AI (phantom-deps): Config-only reference; stable false positive for this Gatsby theme. | ai | |
| phantom-deps | phantom-dep:gatsby-plugin-use-dark-mode | AI (phantom-deps): Config-only reference; stable false positive for this Gatsby theme. | ai | |
| phantom-deps | phantom-dep:gatsby-plugin-robots-txt | AI (phantom-deps): Config-only reference; stable false positive for this Gatsby theme. | ai | |
| phantom-deps | phantom-dep:katex | AI (phantom-deps): Gatsby theme plugin; deps referenced in config files rather than direct imports is normal for this package type. | ai | |
| phantom-deps | phantom-dep:terser | AI (phantom-deps): Config-only reference; stable false positive for this Gatsby theme. | ai | |
| phantom-deps | phantom-dep:remark-math | AI (phantom-deps): Config-only reference; stable false positive for this Gatsby theme. | ai | |
| phantom-deps | phantom-dep:rehype-katex | AI (phantom-deps): Config-only reference; stable false positive for this Gatsby theme. | ai | |
| phantom-deps | phantom-dep:use-dark-mode | AI (phantom-deps): Config-only reference; stable false positive for this Gatsby theme. | ai | |
| phantom-deps | phantom-dep:gatsby-plugin-sharp | AI (phantom-deps): Config-only reference; stable false positive for this Gatsby theme. | ai | |
| phantom-deps | phantom-dep:babel-plugin-prismjs | AI (phantom-deps): Config-only reference; stable false positive for this Gatsby theme. | ai | |
| phantom-deps | phantom-dep:gatsby-plugin-layout | AI (phantom-deps): Config-only reference; stable false positive for this Gatsby theme. | ai | |
| phantom-deps | phantom-dep:gatsby-plugin-portal | AI (phantom-deps): Config-only reference; stable false positive for this Gatsby theme. | ai | |

Versions (showing 7 of 7)

| Version | Deps | Published |
| --- | --- | --- |
| 9.15.0 | 48 / 11 | |
| 9.14.0 | 48 / 11 | |
| 9.13.0 | 48 / 11 | |
| 9.12.3 | 45 / 11 | |
| 9.12.2 | 46 / 11 | |
| 9.12.0 | 46 / 11 | |
| 9.11.3 | 46 / 11 | |

v9.15.0

1 finding
[INFO] Has SLSA provenance attestation (provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.14.0

1 finding
[INFO] Has SLSA provenance attestation (provenance)

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.13.0

1 finding
[LOW] No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v9.12.3

1 finding
[LOW] No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v9.12.2

1 finding
[LOW] No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v9.12.0

1 finding
[LOW] No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v9.11.3

1 finding
[LOW] No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.