← Home

@paypal/checkout-components

npm Repository Homepage

PayPal Checkout components, for integrating checkout products.

51
Versions
Apache-2.0
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

sdk-integrations-npmsiokedpaypal-sdksbraintreeseavenlyjfurmanravishekhar00gregjopamnicptelizabethmvnbierdemanremotevisionrygilbert_paypalrosman21wsbrunsonyanisimov_paypalavathaluringseguindustijonessunnypatelbywoodppeelenizsupremarimbrian-paypalcnallamgabrielg-paypalaugreer8

Keywords

cross-domaincross domaincomponentscomponentkrakenjskraken

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
dependencies unvetted-dep:@paypal/accelerated-checkout-loader AI (dependencies): First-party PayPal ecosystem dep; stable across all versions of this package. ai
dependencies unvetted-dep:@krakenjs/zoid AI (dependencies): First-party KrakenJS/PayPal ecosystem dep; stable across all versions of this package. ai
dependencies unvetted-dep:@krakenjs/belter AI (dependencies): First-party KrakenJS/PayPal ecosystem dep; stable across all versions of this package. ai
dependencies unvetted-dep:@paypal/sdk-logos AI (dependencies): First-party PayPal ecosystem dep; stable across all versions of this package. ai
dependencies unvetted-dep:@krakenjs/post-robot AI (dependencies): First-party KrakenJS/PayPal ecosystem dep; stable across all versions of this package. ai
dependencies unvetted-dep:@krakenjs/beaver-logger AI (dependencies): First-party KrakenJS/PayPal ecosystem dep; stable across all versions of this package. ai
dependencies unvetted-dep:@krakenjs/jsx-pragmatic AI (dependencies): First-party KrakenJS/PayPal ecosystem dep; stable across all versions of this package. ai
dependencies unvetted-dep:@krakenjs/zalgo-promise AI (dependencies): First-party KrakenJS/PayPal ecosystem dep; stable across all versions of this package. ai
dependencies unvetted-dep:@paypal/common-components AI (dependencies): First-party PayPal ecosystem dep; stable across all versions of this package. ai
dependencies unvetted-dep:@paypal/funding-components AI (dependencies): First-party PayPal ecosystem dep; stable across all versions of this package. ai
dependencies unvetted-dep:@krakenjs/cross-domain-utils AI (dependencies): First-party KrakenJS/PayPal ecosystem dep; stable across all versions of this package. ai
provenance no-provenance AI (provenance): Established PayPal package; lack of Sigstore provenance is consistent across all prior versions. ai

Versions (showing 51 of 55)

View all versions
Version Deps Published
5.0.420 13 / 36
5.0.416 13 / 36
5.0.415 13 / 36
5.0.414 13 / 36
5.0.413 13 / 36
5.0.412 13 / 36
5.0.411 13 / 36
5.0.409 13 / 36
5.0.408 13 / 36
5.0.407 13 / 36
5.0.406 13 / 36
5.0.405 13 / 36
5.0.404 13 / 36
5.0.403 13 / 36
5.0.402 13 / 36
5.0.401 13 / 36
5.0.400 13 / 36
5.0.399 13 / 36
5.0.397 13 / 36
5.0.396 13 / 36
5.0.395 13 / 36
5.0.394 13 / 36
5.0.393 13 / 36
5.0.392 13 / 36
5.0.391 13 / 36
5.0.390 13 / 36
5.0.389 13 / 36
5.0.388 13 / 36
5.0.387 13 / 36
5.0.386 13 / 36
5.0.385 13 / 36
5.0.384 13 / 36
5.0.383 13 / 36
5.0.382 13 / 36
5.0.381 13 / 36
5.0.380 13 / 36
5.0.379 13 / 36
5.0.378 13 / 36
5.0.377 13 / 36
5.0.376 13 / 36
5.0.375 13 / 36
5.0.374 13 / 36
5.0.373 13 / 36
5.0.372 13 / 36
5.0.371 13 / 36
5.0.370 13 / 36
5.0.369 13 / 36
5.0.368 13 / 36
5.0.367 13 / 36
5.0.366 13 / 36
5.0.365 13 / 36

v5.0.420

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.416

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.415

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.414

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.413

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.411

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.0.409

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.408

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.407

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.406

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.405

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.404

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.403

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.402

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.401

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.400

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.399

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.397

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.396

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.395

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.394

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.393

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.392

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.391

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.390

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.389

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.388

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.0.387

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.0.386

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.0.385

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.0.384

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.0.383

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.0.382

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.0.381

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.0.380

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.379

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.378

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.377

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.376

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.375

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.374

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.373

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.372

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.371

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.370

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.369

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.368

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.367

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.366

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.365

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.