@shopify/polaris No license 11 versions

@shopify/polaris

npm Repository Homepage

11

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

shopify-adminshopify-depmishsmellenetlohanpmoloney89maryhartejaimie.rockburnjaykay101

Keywords

shopifypolarisreactcomponentscomponent library

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:@types/react	AI (phantom-deps): Type-only peer dep declared for consumers; not directly imported at runtime. Stable pattern for this package.	ai	2026/05/23
phantom-deps	phantom-dep:@types/react-dom	AI (phantom-deps): Same as @types/react — type-only peer dep, not a runtime import.	ai	2026/05/23
phantom-deps	phantom-dep:@types/react-transition-group	AI (phantom-deps): Type-only dependency; phantom-dep false positive for this package.	ai	2026/05/23

Versions (showing 11 of 11)

Version	Deps	Published
13.9.5	7 / 51	2025-03-26
13.9.4	7 / 51	2025-03-17
13.9.2	7 / 51	2024-12-18
13.9.1	7 / 51	2024-10-31
13.9.0	7 / 51	2024-08-01
13.8.1	7 / 51	2024-07-30
13.8.0	7 / 51	2024-07-22
13.7.0	7 / 51	2024-07-16
13.6.1	7 / 51	2024-07-04
13.6.0	7 / 51	2024-06-21
13.5.0	7 / 51	2024-06-03

v13.9.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v13.9.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v13.9.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v13.9.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v13.9.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v13.8.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v13.8.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v13.7.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v13.6.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v13.6.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v13.5.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.