@nvidia-elements/monaco Apache-2.0 11 versions

@nvidia-elements/monaco

npm Repository Homepage

Provides integration with VS Code's Monaco editor for code editing, syntax highlighting, and diff visualization.

11

Versions

Apache-2.0

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

crylanjyanarella

Keywords

monacocode-editorweb-components

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	encoded-string-file:dist/vendor/monaco-editor/editor/editor.main.js	AI (source-diff): Encoded strings are Monaco Editor's built-in binary data (color/tokenizer tables); stable false positive for this package.	ai	2026/05/30
phantom-deps	phantom-dep:lit	AI (phantom-deps): lit is a web component framework; legitimate config-level reference in this package.	ai	2026/05/18
phantom-deps	phantom-dep:@nvidia-elements/forms	AI (phantom-deps): Same-org sibling; declared as runtime dep and used internally.	ai	2026/05/18
dependencies	unvetted-dep:@nvidia-elements/forms	AI (dependencies): Sibling package in the same NVIDIA/elements monorepo; same publisher and trust context.	ai	2026/05/08

Versions (showing 11 of 11)

Version	Deps	Published
0.0.12	3 / 26	2026-06-03
0.0.11	3 / 26	2026-05-13
0.0.10	3 / 26	2026-05-01
0.0.9	3 / 26	2026-05-01
0.0.8	3 / 26	2026-05-01
0.0.7	3 / 26	2026-04-23
0.0.6	3 / 26	2026-04-17
0.0.5	3 / 26	2026-04-17
0.0.4	3 / 26	2026-04-16
0.0.3	3 / 24	2026-04-10
0.0.1	2 / 24	2026-04-06

v0.0.12

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.11

2 findings

HIGH Long encoded string in modified file: dist/vendor/monaco-editor/editor/editor.main.js source-diff

Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.10

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.9

2 findings

HIGH Long encoded string in modified file: dist/vendor/monaco-editor/editor/editor.main.js source-diff

Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.8

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.7

2 findings

HIGH Long encoded string in modified file: dist/vendor/monaco-editor/editor/editor.main.js source-diff

Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.6

2 findings

HIGH Long encoded string in modified file: dist/vendor/monaco-editor/editor/editor.main.js source-diff

Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.5

2 findings

HIGH Long encoded string in modified file: dist/vendor/monaco-editor/editor/editor.main.js source-diff

Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.4

2 findings

HIGH Long encoded string in modified file: dist/vendor/monaco-editor/editor/editor.main.js source-diff

Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.