← Home

@rspress/core

npm Repository Homepage
5
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

chenjiahan

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
phantom-deps phantom-dep:@types/unist AI (phantom-deps): Type-only peer dep used by convention in mdast/unist ecosystem; stable false positive for this package. ai
phantom-deps phantom-dep:mdast-util-mdx AI (phantom-deps): Referenced in config/plugin files; stable false positive for this MDX-based framework. ai
phantom-deps phantom-dep:react-reconciler AI (phantom-deps): Used indirectly via react-render-to-markdown; stable false positive for this package. ai
bogus-package bogus-package AI (bogus-package): Large framework package; README style and missing keywords are not spam indicators for this established project. ai
typosquat typosquat.levenshtein:cors AI (typosquat): @rspress/core is a well-established doc framework, not a typosquat of cors; name similarity is coincidental. ai

Versions (showing 5 of 5)

Version Deps Published
2.0.10 38 / 32
2.0.9 38 / 32
2.0.8 45 / 28
2.0.4 43 / 28
2.0.2 42 / 28

v2.0.10

2 findings
HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@rspress/core' is 1 edit(s) away from popular package 'cors'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.9

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.8

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.