@superblocksteam/shared
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:pino | AI (phantom-deps): pino is declared and used in config; legitimate implicit dependency for logging infrastructure. | ai | |
| phantom-deps | phantom-dep:tslib | AI (phantom-deps): tslib is a standard TypeScript runtime helper; implicit dependency from TypeScript compilation. | ai | |
| phantom-deps | phantom-dep:google-protobuf | AI (phantom-deps): google-protobuf is declared and referenced in config; legitimate implicit dependency. | ai | |
| phantom-deps | phantom-dep:@types/estree | AI (phantom-deps): TypeScript type declaration packages are commonly declared as deps without direct imports; this is standard TS practice for this package. | ai | |
| phantom-deps | phantom-dep:@types/events | AI (phantom-deps): TypeScript type declaration packages are commonly declared as deps without direct imports; this is standard TS practice for this package. | ai | |
| phantom-deps | phantom-dep:@types/esprima | AI (phantom-deps): TypeScript type declaration packages are commonly declared as deps without direct imports; this is standard TS practice for this package. | ai |
Versions (showing 51 of 651)
| Version | Deps | Published |
|---|---|---|
| 0.9590.3 | 20 / 17 | |
| 0.9590.2 | 20 / 17 | |
| 0.9590.1 | 20 / 17 | |
| 0.9590.0 | 20 / 17 | |
| 0.9589.6 | 20 / 17 | |
| 0.9589.5 | 20 / 17 | |
| 0.9589.4 | 20 / 17 | |
| 0.9589.3 | 20 / 17 | |
| 0.9589.2 | 20 / 17 | |
| 0.9589.1 | 20 / 17 | |
| 0.9589.0 | 20 / 17 | |
| 0.9586.9 | 20 / 17 | |
| 0.9586.8 | 20 / 17 | |
| 0.9586.7 | 20 / 17 | |
| 0.9586.6 | 20 / 17 | |
| 0.9586.5 | 20 / 17 | |
| 0.9586.4 | 20 / 17 | |
| 0.9586.3 | 20 / 17 | |
| 0.9586.2 | 20 / 17 | |
| 0.9586.1 | 20 / 17 | |
| 0.9586.0 | 20 / 17 | |
| 0.9585.2 | 20 / 17 | |
| 0.9585.1 | 20 / 17 | |
| 0.9585.0 | 20 / 17 | |
| 0.9584.10 | 20 / 17 | |
| 0.9584.9 | 20 / 17 | |
| 0.9584.8 | 20 / 17 | |
| 0.9584.7 | 20 / 17 | |
| 0.9584.6 | 20 / 17 | |
| 0.9584.5 | 20 / 17 | |
| 0.9584.4 | 20 / 17 | |
| 0.9584.3 | 20 / 17 | |
| 0.9584.2 | 20 / 17 | |
| 0.9584.1 | 20 / 17 | |
| 0.9584.0 | 20 / 17 | |
| 0.9583.0 | 20 / 17 | |
| 0.9582.6 | 20 / 17 | |
| 0.9582.5 | 20 / 17 | |
| 0.9582.4 | 20 / 17 | |
| 0.9582.3 | 20 / 17 | |
| 0.9582.2 | 20 / 17 | |
| 0.9582.0 | 20 / 17 | |
| 0.9581.0 | 20 / 17 | |
| 0.9580.0 | 20 / 17 | |
| 0.9579.3 | 20 / 17 | |
| 0.9579.2 | 20 / 17 | |
| 0.9579.1 | 20 / 17 | |
| 0.9579.0 | 20 / 17 | |
| 0.9578.13 | 20 / 17 | |
| 0.9578.12 | 20 / 17 | |
| 0.9578.11 | 20 / 17 |
v0.9590.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9590.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9590.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9590.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9589.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9589.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9589.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9589.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9589.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9589.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9589.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9586.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9586.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9586.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9586.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9586.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9586.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9586.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9586.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9586.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9586.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9585.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9585.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9585.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9584.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9584.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9584.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9584.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9584.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9584.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9584.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9584.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9584.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9584.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9583.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9582.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9582.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9582.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9582.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9582.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9582.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9581.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9580.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9579.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9579.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9579.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9579.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9578.13
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9578.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9578.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.