← Home

@strapi/content-releases

npm Repository Homepage

Strapi plugin for organizing and releasing content

51
Versions
SEE LICENSE IN LICENSE
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

pierreburgyaurelsicokoalexandrebodinconvlynico-strapistrapi.adzouzbaronvoninternetmarc-roig-strapijhoward1994bassel17cache-your-dreams

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff obfuscated-file:dist/admin/assets/purchase-page-illustration-dark.svg.js AI (source-diff): Inline SVG data URI for illustration asset, not obfuscated code. ai
source-diff obfuscated-file:dist/admin/assets/purchase-page-illustration-light.svg.js AI (source-diff): Inline SVG data URI for illustration asset, not obfuscated code. ai
source-diff source-size-tripled AI (source-diff): Major version jump (v4→v5) with restructured build output; expected for Strapi monorepo plugin. ai
maintainer-change maintainer-added AI (maintainer-change): Strapi org regularly adds maintainers; no code changes accompany this version, low risk of compromise. ai
dependencies unvetted-dep:@strapi/helper-plugin AI (dependencies): First-party Strapi package used across the Strapi ecosystem; no security concern. ai
phantom-deps phantom-dep:@strapi/types AI (phantom-deps): Same-org TypeScript types package; phantom usage is expected in monorepo TypeScript builds. ai
dependencies unvetted-dep:@strapi/icons AI (dependencies): First-party Strapi monorepo sibling package; co-released at matching version. Not a third-party risk. ai
license uncommon-license:SEE LICENSE IN LICENSE AI (license): Standard Strapi dual-license pattern used across all their packages; not a security concern. ai
dependencies unvetted-dep:@strapi/types AI (dependencies): First-party Strapi monorepo sibling package; co-released at matching version. Not a third-party risk. ai
dependencies unvetted-dep:@strapi/utils AI (dependencies): First-party Strapi monorepo sibling package; co-released at matching version. Not a third-party risk. ai
dependencies unvetted-dep:@strapi/database AI (dependencies): First-party Strapi monorepo sibling package; co-released at matching version. Not a third-party risk. ai
dependencies unvetted-dep:@strapi/design-system AI (dependencies): First-party Strapi monorepo sibling package; co-released at matching version. Not a third-party risk. ai
bogus-package bogus-package AI (bogus-package): Monorepo sub-package; short README and no keywords are expected for internal Strapi plugin packages. ai

Versions (showing 51 of 65)

View all versions
Version Deps Published
5.47.1 14 / 15
5.47.0 14 / 15
5.46.1 14 / 15
5.46.0 14 / 15
5.45.1 14 / 15
5.45.0 14 / 15
5.44.0 14 / 15
5.43.0 14 / 15
5.42.1 14 / 15
5.42.0 14 / 15
5.41.1 14 / 15
5.41.0 14 / 15
5.40.0 14 / 15
5.39.0 14 / 15
5.38.1 14 / 15
5.38.0 14 / 15
5.37.1 14 / 15
5.37.0 14 / 15
5.36.1 14 / 15
5.36.0 14 / 15
5.35.0 14 / 15
5.34.0 14 / 15
5.33.4 14 / 15
5.33.3 14 / 15
5.33.2 14 / 15
5.33.1 14 / 15
5.33.0 14 / 15
5.31.3 14 / 15
5.31.2 14 / 15
5.31.1 14 / 15
5.31.0 14 / 15
5.30.1 14 / 15
5.30.0 14 / 15
5.29.0 14 / 15
5.28.0 14 / 15
5.27.0 14 / 15
5.26.0 14 / 15
5.25.0 14 / 15
5.24.2 14 / 15
5.24.1 14 / 15
5.24.0 14 / 15
5.23.6 14 / 15
5.23.5 14 / 15
5.23.4 14 / 15
5.23.3 14 / 15
5.23.2 14 / 15
5.23.1 14 / 15
5.23.0 14 / 15
5.22.0 14 / 15
5.21.0 14 / 15
5.20.0 14 / 15

v5.47.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.47.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.46.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.46.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.45.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.45.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.43.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.42.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.42.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.41.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.41.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.40.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.39.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.38.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.38.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.37.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.37.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.36.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.36.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.35.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.34.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.33.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.33.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.33.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.33.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.33.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.31.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.31.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.31.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.31.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.30.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.30.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.23.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.