@solid-devtools/debugger
Debugger of the Solid's reactivity graph — a cornerstone of all solid-devtools.
3
Versions
MIT
License
No
Install Scripts
Missing
Provenance
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
No source commit
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
thetarnav.
Keywords
soliddevtoolsdebuggerreactivity
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@solid-devtools/shared | AI (dependencies): Part of the same solid-devtools monorepo; legitimate sibling dependency for this package. | ai | |
| dependencies | unvetted-dep:@solid-primitives/bounds | AI (dependencies): @solid-primitives is a well-known SolidJS community primitives library; standard dependency for SolidJS ecosystem packages. | ai | |
| dependencies | unvetted-dep:@solid-primitives/keyboard | AI (dependencies): @solid-primitives is a well-known SolidJS community primitives library; standard dependency for SolidJS ecosystem packages. | ai | |
| dependencies | unvetted-dep:@solid-primitives/rootless | AI (dependencies): @solid-primitives is a well-known SolidJS community primitives library; standard dependency for SolidJS ecosystem packages. | ai | |
| dependencies | unvetted-dep:@solid-primitives/scheduled | AI (dependencies): @solid-primitives is a well-known SolidJS community primitives library; standard dependency for SolidJS ecosystem packages. | ai | |
| dependencies | unvetted-dep:@solid-primitives/static-store | AI (dependencies): @solid-primitives is a well-known SolidJS community primitives library; standard dependency for SolidJS ecosystem packages. | ai | |
| dependencies | unvetted-dep:@solid-primitives/event-listener | AI (dependencies): @solid-primitives is a well-known SolidJS community primitives library; standard dependency for SolidJS ecosystem packages. | ai | |
| phantom-deps | phantom-dep:@solid-primitives/bounds | AI (phantom-deps): Declared in package.json dependencies and referenced in config files; not a security concern for this devtools package. | ai |
v0.28.1
1 finding
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.