@nvidia-elements/markdown Apache-2.0 9 versions

@nvidia-elements/markdown

npm Repository Homepage

A suite of markdown components and utilities.

9

Versions

Apache-2.0

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

crylanjyanarella

Keywords

markdownweb-components

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-peer-dep:@nvidia-elements/core	AI (dependencies): Peer dependency within the same NVIDIA elements monorepo; internal ecosystem dependency.	ai	2026/05/30
npm-metadata	suspicious-initial-version	AI (npm-metadata): 0.0.0 is the standard initial version for this NVIDIA monorepo; all sibling packages use the same versioning scheme.	ai	2026/05/18
dependencies	unvetted-dep:markdown-it	AI (dependencies): markdown-it is a well-established, widely-used library; stable false positive for this package.	ai	2026/05/08

Versions (showing 9 of 9)

Version	Deps	Published
0.0.9	2 / 18	2026-05-13
0.0.8	2 / 18	2026-05-01
0.0.7	2 / 18	2026-04-23
0.0.6	2 / 18	2026-04-17
0.0.5	2 / 18	2026-04-17
0.0.4	2 / 18	2026-04-16
0.0.3	2 / 16	2026-04-10
0.0.2	2 / 16	2026-04-06
0.0.0	2 / 16	2026-04-04

v0.0.9

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.8

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.