← Home

@plone/volto-slate

npm

Slate.js integration with Volto

10
Versions
MIT
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

agitatortimostollenwerkramonnbebrehaultrobgietemasneridaghmauritsvanreesericofthetpetschkimrtangodavisaglipieronicolli

Keywords

volto-core-addonvolto-addonvolto-slatevolto-slate-addonvoltoplonereact

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
dependencies unvetted-dep:weak-key AI (dependencies): weak-key is a small, benign WeakMap utility; stable false positive for this package. ai
dependencies unvetted-dep:redux-mock-store AI (dependencies): redux-mock-store is a well-known testing utility; no malicious history, stable false positive. ai
phantom-deps phantom-dep:jsdom AI (phantom-deps): jsdom is a declared runtime dep used in SSR/config context; phantom-dep heuristic fires but it's legitimately referenced. ai
phantom-deps phantom-dep:weak-key AI (phantom-deps): Declared dep used indirectly via config; stable false positive for this package. ai
phantom-deps phantom-dep:slate-history AI (phantom-deps): Declared dep used indirectly via config; stable false positive for this package. ai
bogus-package bogus-package AI (bogus-package): Established Plone/Volto ecosystem package; README and metadata signals are false positives. ai

Versions (showing 10 of 10)

Version Deps Published
19.0.2 20 / 4
19.0.1 20 / 3
19.0.0 20 / 3
18.10.0 19 / 4
18.9.2 19 / 4
18.9.1 19 / 4
18.9.0 20 / 3
18.8.1 20 / 3
18.8.0 20 / 3
18.6.0 20 / 3

v19.0.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v19.0.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v19.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v18.10.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v18.9.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v18.9.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v18.8.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v18.8.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v18.6.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.