@pretextbook/web-editor
A web-based editor for PreTeXt documents, with simple preview functionality
Supply chain provenance
Status for the latest visible version.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@pretextbook/remark-pretext | AI (phantom-deps): Same-org package; declared as runtime dep and likely re-exported rather than directly imported in analyzed entry points. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): @dnd-kit/core, @dnd-kit/sortable, @dnd-kit/utilities are established, well-known drag-and-drop libraries with no malicious history. | ai | |
| dependencies | unvetted-dep:@pretextbook/completions | AI (dependencies): Same org scope; legitimate first-party dependency for this PreTeXt editor package. | ai | |
| dependencies | unvetted-dep:@pretextbook/latex-pretext | AI (dependencies): Same org scope; legitimate first-party dependency for this PreTeXt editor package. | ai | |
| dependencies | unvetted-dep:xast-util-from-xml | AI (dependencies): Well-known unist/xast ecosystem utility; expected dependency for XML processing in a PreTeXt editor. | ai | |
| dependencies | unvetted-dep:xast-util-to-xml | AI (dependencies): Well-known unist/xast ecosystem utility; expected dependency for XML processing in a PreTeXt editor. | ai | |
| dependencies | unvetted-dep:@pretextbook/format | AI (dependencies): Same org scope; legitimate first-party dependency for this PreTeXt editor package. | ai | |
| phantom-deps | phantom-dep:@tiptap/extension-hard-break | AI (phantom-deps): Build-time bundled library; phantom-dep heuristic fires on config-referenced deps, not a real import gap. | ai | |
| phantom-deps | phantom-dep:@dnd-kit/utilities | AI (phantom-deps): Bundled library dep; referenced in config. Stable FP. | ai | |
| phantom-deps | phantom-dep:@tiptap/extensions | AI (phantom-deps): Bundled library dep; referenced in config. Stable FP. | ai | |
| phantom-deps | phantom-dep:xast-util-from-xml | AI (phantom-deps): Bundled library dep; referenced in config. Stable FP. | ai | |
| phantom-deps | phantom-dep:@pretextbook/format | AI (phantom-deps): Same-org dep; bundled. Stable FP. | ai | |
| phantom-deps | phantom-dep:@monaco-editor/react | AI (phantom-deps): Bundled library dep; referenced in config. Stable FP. | ai | |
| phantom-deps | phantom-dep:hast-util-whitespace | AI (phantom-deps): Bundled library dep; referenced in config. Stable FP. | ai | |
| phantom-deps | phantom-dep:@tiptap/pm | AI (phantom-deps): Bundled library; deps used via build config, not direct imports. Stable FP for this package. | ai | |
| phantom-deps | phantom-dep:@tiptap/extension-text | AI (phantom-deps): Bundled library dep; referenced in config. Stable FP. | ai | |
| phantom-deps | phantom-dep:react-resizable-panels | AI (phantom-deps): Bundled library dep; referenced in config. Stable FP. | ai | |
| phantom-deps | phantom-dep:@pretextbook/completions | AI (phantom-deps): Same-org dep; bundled. Stable FP. | ai | |
| phantom-deps | phantom-dep:@pretextbook/latex-pretext | AI (phantom-deps): Same-org dep; bundled. Stable FP. | ai | |
| phantom-deps | phantom-dep:@tiptap/extension-code-block | AI (phantom-deps): Bundled library dep; referenced in config. Stable FP. | ai | |
| phantom-deps | phantom-dep:@tiptap/extension-list | AI (phantom-deps): Bundled library dep; referenced in config. Stable FP. | ai | |
| phantom-deps | phantom-dep:tailwindcss | AI (phantom-deps): CSS framework used via vite/build config, not direct import. Stable FP. | ai | |
| phantom-deps | phantom-dep:@dnd-kit/core | AI (phantom-deps): Bundled component library dep; referenced in config. Stable FP. | ai | |
| phantom-deps | phantom-dep:@floating-ui/dom | AI (phantom-deps): Bundled library dep; referenced in config. Stable FP. | ai | |
| phantom-deps | phantom-dep:unist-util-visit | AI (phantom-deps): Bundled library dep; referenced in config. Stable FP. | ai | |
| phantom-deps | phantom-dep:xast-util-to-xml | AI (phantom-deps): Bundled library dep; referenced in config. Stable FP. | ai | |
| phantom-deps | phantom-dep:@dnd-kit/sortable | AI (phantom-deps): Bundled library dep; referenced in config. Stable FP. | ai | |
| phantom-deps | phantom-dep:@tailwindcss/vite | AI (phantom-deps): Build tool plugin; used in vite config. Stable FP. | ai | |
Versions (showing 13 of 13)
| Version | Deps | Published |
|---|---|---|
| 0.0.34 | 12 / 14 | |
| 0.0.33 | 23 / 15 | |
| 0.0.32 | 23 / 15 | |
| 0.0.31 | 23 / 15 | |
| 0.0.30 | 23 / 15 | |
| 0.0.29 | 23 / 15 | |
| 0.0.28 | 23 / 15 | |
| 0.0.27 | 20 / 15 | |
| 0.0.26 | 20 / 15 | |
| 0.0.25 | 20 / 15 | |
| 0.0.24 | 20 / 15 | |
| 0.0.23 | 20 / 15 | |
| 0.0.22 | 20 / 15 | |
v0.0.34
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.33
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.32
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.31
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.30
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.29
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.28
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.27
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.26
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.25
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.24
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.23
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.22
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.