@remotion/bundler
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | new-deps-added | AI (publish-pattern): New dep is a first-party @remotion/* package pinned to the same monorepo version; not a third-party supply-chain risk. | ai | |
| dependencies | unvetted-dep:@remotion/studio | AI (dependencies): Sibling package in the remotion monorepo, always released at the same version; not an independent risk. | ai |
Versions (showing 51 of 169)
| Version | Deps | Published |
|---|---|---|
| 4.0.473 | 12 / 5 | |
| 4.0.472 | 12 / 5 | |
| 4.0.471 | 12 / 5 | |
| 4.0.470 | 12 / 5 | |
| 4.0.469 | 12 / 5 | |
| 4.0.468 | 12 / 5 | |
| 4.0.467 | 12 / 5 | |
| 4.0.466 | 14 / 5 | |
| 4.0.465 | 14 / 5 | |
| 4.0.464 | 14 / 5 | |
| 4.0.463 | 14 / 5 | |
| 4.0.462 | 14 / 5 | |
| 4.0.461 | 14 / 5 | |
| 4.0.460 | 14 / 5 | |
| 4.0.459 | 14 / 5 | |
| 4.0.458 | 14 / 5 | |
| 4.0.457 | 14 / 5 | |
| 4.0.456 | 14 / 5 | |
| 4.0.455 | 14 / 5 | |
| 4.0.454 | 14 / 5 | |
| 4.0.453 | 14 / 5 | |
| 4.0.452 | 14 / 5 | |
| 4.0.451 | 14 / 5 | |
| 4.0.450 | 14 / 5 | |
| 4.0.449 | 14 / 5 | |
| 4.0.448 | 14 / 5 | |
| 4.0.447 | 14 / 5 | |
| 4.0.446 | 14 / 5 | |
| 4.0.445 | 14 / 5 | |
| 4.0.444 | 14 / 5 | |
| 4.0.443 | 14 / 5 | |
| 4.0.442 | 14 / 5 | |
| 4.0.441 | 14 / 5 | |
| 4.0.440 | 14 / 5 | |
| 4.0.439 | 14 / 5 | |
| 4.0.438 | 12 / 5 | |
| 4.0.437 | 12 / 5 | |
| 4.0.436 | 12 / 5 | |
| 4.0.435 | 12 / 5 | |
| 4.0.434 | 12 / 5 | |
| 4.0.433 | 12 / 5 | |
| 4.0.432 | 12 / 5 | |
| 4.0.431 | 12 / 5 | |
| 4.0.430 | 12 / 5 | |
| 4.0.429 | 12 / 5 | |
| 4.0.428 | 12 / 5 | |
| 4.0.427 | 12 / 5 | |
| 4.0.426 | 12 / 5 | |
| 4.0.425 | 10 / 5 | |
| 4.0.424 | 10 / 5 | |
| 4.0.423 | 10 / 4 |
v4.0.473
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.472
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.471
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.470
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.469
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.468
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.467
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.466
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.465
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.464
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.463
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.462
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.461
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.460
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.459
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.458
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.457
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.456
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.455
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.454
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.0.441
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.440
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.439
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.438
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.437
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.436
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.435
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.434
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.433
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.432
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.431
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.430
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.429
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.428
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.427
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.426
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.425
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.424
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.423
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.