@skeletonlabs/skeleton-common
The common package for Skeleton.
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/index.mjs | AI (source-diff): dist/index.mjs is a tsdown-bundled ESM output with long Tailwind class strings; not obfuscated, stable pattern for this package. | ai | |
| source-diff | obfuscated-file:dist/skeleton/dist/themes/catppuccin.mjs | AI (source-diff): CSS theme bundled as JS string literal; long lines are CSS variable declarations, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/skeleton/dist/themes/cerberus.mjs | AI (source-diff): CSS theme bundled as JS string literal; long lines are CSS variable declarations, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/skeleton/dist/themes/concord.mjs | AI (source-diff): CSS theme bundled as JS string literal; long lines are CSS variable declarations, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/skeleton/dist/themes/crimson.mjs | AI (source-diff): CSS theme bundled as JS string literal; long lines are CSS variable declarations, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/skeleton/dist/themes/fennec.mjs | AI (source-diff): CSS theme bundled as JS string literal; long lines are CSS variable declarations, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/skeleton/dist/themes/hamlindigo.mjs | AI (source-diff): CSS theme bundled as JS string literal; long lines are CSS variable declarations, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/skeleton/dist/themes/legacy.mjs | AI (source-diff): CSS theme bundled as JS string literal; long lines are CSS variable declarations, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/skeleton/dist/themes/mint.mjs | AI (source-diff): CSS theme bundled as JS string literal; long lines are CSS variable declarations, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/skeleton/dist/themes/modern.mjs | AI (source-diff): CSS theme bundled as JS string literal; long lines are CSS variable declarations, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/skeleton/dist/themes/mona.mjs | AI (source-diff): CSS theme bundled as JS string literal; long lines are CSS variable declarations, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/skeleton/dist/themes/nouveau.mjs | AI (source-diff): CSS theme bundled as JS string literal; long lines are CSS variable declarations, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/skeleton/dist/themes/pine.mjs | AI (source-diff): CSS theme bundled as JS string literal; long lines are CSS variable declarations, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/skeleton/dist/themes/reign.mjs | AI (source-diff): CSS theme bundled as JS string literal; long lines are CSS variable declarations, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/skeleton/dist/themes/rocket.mjs | AI (source-diff): CSS theme bundled as JS string literal; long lines are CSS variable declarations, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/skeleton/dist/themes/rose.mjs | AI (source-diff): CSS theme bundled as JS string literal; long lines are CSS variable declarations, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/skeleton/dist/themes/sahara.mjs | AI (source-diff): CSS theme bundled as JS string literal; long lines are CSS variable declarations, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/skeleton/dist/themes/seafoam.mjs | AI (source-diff): CSS theme bundled as JS string literal; long lines are CSS variable declarations, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/skeleton/dist/themes/terminus.mjs | AI (source-diff): CSS theme bundled as JS string literal; long lines are CSS variable declarations, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/skeleton/dist/themes/vintage.mjs | AI (source-diff): CSS theme bundled as JS string literal; long lines are CSS variable declarations, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/skeleton/dist/themes/nosh.mjs | AI (source-diff): CSS theme bundled as JS string literal; long lines are CSS variable declarations, not obfuscation. | ai | |
| email-domain | unclaimed-email:skeletonlabs.dev | AI (email-domain): SLSA provenance attestation via Sigstore confirms CI-published; established org with 77 versions mitigates domain hijack risk. | ai |
Versions (showing 43 of 43)
| Version | Deps | Published |
|---|---|---|
| 4.15.2 | 0 / 0 | |
| 4.15.1 | 0 / 0 | |
| 4.15.0 | 0 / 0 | |
| 4.14.0 | 0 / 0 | |
| 4.13.0 | 0 / 0 | |
| 4.12.1 | 0 / 0 | |
| 4.12.0 | 0 / 0 | |
| 4.11.0 | 0 / 0 | |
| 4.10.0 | 0 / 0 | |
| 4.9.0 | 0 / 0 | |
| 4.8.0 | 0 / 0 | |
| 4.7.4 | 0 / 0 | |
| 4.7.3 | 0 / 0 | |
| 4.7.2 | 0 / 0 | |
| 4.7.1 | 0 / 0 | |
| 4.7.0 | 0 / 0 | |
| 4.6.1 | 0 / 0 | |
| 4.6.0 | 0 / 0 | |
| 4.5.3 | 0 / 0 | |
| 4.5.2 | 0 / 0 | |
| 4.5.1 | 0 / 0 | |
| 4.5.0 | 0 / 6 | |
| 4.4.1 | 0 / 6 | |
| 4.4.0 | 0 / 6 | |
| 4.3.4 | 0 / 6 | |
| 4.3.3 | 0 / 6 | |
| 4.3.2 | 0 / 6 | |
| 4.3.1 | 0 / 6 | |
| 4.3.0 | 0 / 6 | |
| 4.2.4 | 0 / 6 | |
| 4.2.3 | 0 / 6 | |
| 4.2.2 | 0 / 6 | |
| 4.2.1 | 0 / 6 | |
| 4.2.0 | 0 / 6 | |
| 4.1.5 | 0 / 6 | |
| 4.1.4 | 0 / 6 | |
| 4.1.3 | 0 / 6 | |
| 4.1.2 | 0 / 6 | |
| 4.1.1 | 0 / 6 | |
| 4.1.0 | 0 / 6 | |
| 4.0.2 | 0 / 6 | |
| 4.0.1 | 0 / 6 | |
| 4.0.0 | 0 / 6 |
v4.15.2
2 findingsMaintainer email '[email protected]' uses domain 'skeletonlabs.dev' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.15.1
2 findingsMaintainer email '[email protected]' uses domain 'skeletonlabs.dev' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.15.0
2 findingsMaintainer email '[email protected]' uses domain 'skeletonlabs.dev' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.14.0
2 findingsMaintainer email '[email protected]' uses domain 'skeletonlabs.dev' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.13.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.12.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.12.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.11.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.10.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.9.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.8.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.7.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.7.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.7.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.7.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.7.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.6.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.6.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.5.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.5.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.5.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.5.0
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.4.1
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.4.0
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.3.4
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.3.3
23 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.3.2
23 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.3.1
23 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.3.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.2.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.2.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.2.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.2.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.2.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.1.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.1.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.1.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.1.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.1.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.1.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.0.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.0.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.0.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.