@papit/theme-picker LicenseRef-Papit-1.0 6 versions

@papit/theme-picker

npm Repository Homepage

A simple yet elegant answer to a theme picker, light dark and system with powerful yet simple control

6

Versions

LicenseRef-Papit-1.0

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

papit

Keywords

papitweb-componenttypescripttheme-picker

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Package publishes via GitHub Actions CI with SLSA attestation; publisher=GitHub Actions is expected for this org.	ai	2026/05/04
phantom-deps	phantom-dep:@papit/icon	AI (phantom-deps): Same-org scoped dependencies in web-component library; likely re-exported.	ai	2026/04/29
phantom-deps	phantom-dep:@papit/menu	AI (phantom-deps): Same-org scoped dependencies in web-component library; likely re-exported.	ai	2026/04/29
phantom-deps	phantom-dep:@papit/tooltip	AI (phantom-deps): Same-org scoped dependencies in web-component library; likely re-exported.	ai	2026/04/29

Versions (showing 6 of 6)

Version	Deps	Published
0.0.6	4 / 6	2026-05-16
0.0.5	4 / 6	2026-05-13
0.0.4	4 / 6	2026-05-06
0.0.3	4 / 6	2026-05-04
0.0.2	4 / 6	2026-04-30
0.0.1	4 / 6	2026-04-27

v0.0.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.2

2 findings

HIGH Publisher changed: papit → GitHub Actions (on 2026-04-30) provenance

This version was published by a different npm account than previous versions on 2026-04-30. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.