@superblocksteam/shared
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:pino | AI (phantom-deps): pino is declared and used in config; legitimate implicit dependency for logging infrastructure. | ai | |
| phantom-deps | phantom-dep:tslib | AI (phantom-deps): tslib is a standard TypeScript runtime helper; implicit dependency from TypeScript compilation. | ai | |
| phantom-deps | phantom-dep:google-protobuf | AI (phantom-deps): google-protobuf is declared and referenced in config; legitimate implicit dependency. | ai | |
| phantom-deps | phantom-dep:@types/estree | AI (phantom-deps): TypeScript type declaration packages are commonly declared as deps without direct imports; this is standard TS practice for this package. | ai | |
| phantom-deps | phantom-dep:@types/events | AI (phantom-deps): TypeScript type declaration packages are commonly declared as deps without direct imports; this is standard TS practice for this package. | ai | |
| phantom-deps | phantom-dep:@types/esprima | AI (phantom-deps): TypeScript type declaration packages are commonly declared as deps without direct imports; this is standard TS practice for this package. | ai |
Versions (showing 100 of 651)
| Version | Deps | Published |
|---|---|---|
| 0.9590.3 | 20 / 17 | |
| 0.9590.2 | 20 / 17 | |
| 0.9590.1 | 20 / 17 | |
| 0.9590.0 | 20 / 17 | |
| 0.9589.6 | 20 / 17 | |
| 0.9589.5 | 20 / 17 | |
| 0.9589.4 | 20 / 17 | |
| 0.9589.3 | 20 / 17 | |
| 0.9589.2 | 20 / 17 | |
| 0.9589.1 | 20 / 17 | |
| 0.9589.0 | 20 / 17 | |
| 0.9586.9 | 20 / 17 | |
| 0.9586.8 | 20 / 17 | |
| 0.9586.7 | 20 / 17 | |
| 0.9586.6 | 20 / 17 | |
| 0.9586.5 | 20 / 17 | |
| 0.9586.4 | 20 / 17 | |
| 0.9586.3 | 20 / 17 | |
| 0.9586.2 | 20 / 17 | |
| 0.9586.1 | 20 / 17 | |
| 0.9586.0 | 20 / 17 | |
| 0.9585.2 | 20 / 17 | |
| 0.9585.1 | 20 / 17 | |
| 0.9585.0 | 20 / 17 | |
| 0.9584.10 | 20 / 17 | |
| 0.9584.9 | 20 / 17 | |
| 0.9584.8 | 20 / 17 | |
| 0.9584.7 | 20 / 17 | |
| 0.9584.6 | 20 / 17 | |
| 0.9584.5 | 20 / 17 | |
| 0.9584.4 | 20 / 17 | |
| 0.9584.3 | 20 / 17 | |
| 0.9584.2 | 20 / 17 | |
| 0.9584.1 | 20 / 17 | |
| 0.9584.0 | 20 / 17 | |
| 0.9583.0 | 20 / 17 | |
| 0.9582.6 | 20 / 17 | |
| 0.9582.5 | 20 / 17 | |
| 0.9582.4 | 20 / 17 | |
| 0.9582.3 | 20 / 17 | |
| 0.9582.2 | 20 / 17 | |
| 0.9582.0 | 20 / 17 | |
| 0.9581.0 | 20 / 17 | |
| 0.9580.0 | 20 / 17 | |
| 0.9579.3 | 20 / 17 | |
| 0.9579.2 | 20 / 17 | |
| 0.9579.1 | 20 / 17 | |
| 0.9579.0 | 20 / 17 | |
| 0.9578.13 | 20 / 17 | |
| 0.9578.12 | 20 / 17 | |
| 0.9578.11 | 20 / 17 | |
| 0.9578.10 | 20 / 17 | |
| 0.9578.9 | 20 / 17 | |
| 0.9578.8 | 20 / 17 | |
| 0.9578.7 | 20 / 17 | |
| 0.9578.6 | 20 / 17 | |
| 0.9578.5 | 20 / 17 | |
| 0.9578.4 | 20 / 17 | |
| 0.9578.3 | 20 / 17 | |
| 0.9578.2 | 20 / 17 | |
| 0.9578.1 | 20 / 17 | |
| 0.9578.0 | 20 / 17 | |
| 0.9577.4 | 20 / 17 | |
| 0.9577.3 | 20 / 17 | |
| 0.9577.2 | 20 / 17 | |
| 0.9577.1 | 20 / 17 | |
| 0.9577.0 | 20 / 17 | |
| 0.9576.2 | 20 / 17 | |
| 0.9576.1 | 20 / 17 | |
| 0.9576.0 | 20 / 17 | |
| 0.9575.2 | 20 / 17 | |
| 0.9575.1 | 20 / 17 | |
| 0.9575.0 | 20 / 17 | |
| 0.9574.0 | 20 / 17 | |
| 0.9573.0 | 20 / 17 | |
| 0.9572.0 | 20 / 17 | |
| 0.9571.0 | 20 / 17 | |
| 0.9570.0 | 20 / 17 | |
| 0.9569.5 | 20 / 17 | |
| 0.9569.4 | 20 / 17 | |
| 0.9569.3 | 20 / 17 | |
| 0.9569.2 | 20 / 17 | |
| 0.9569.1 | 20 / 17 | |
| 0.9569.0 | 20 / 17 | |
| 0.9568.6 | 20 / 17 | |
| 0.9568.5 | 20 / 17 | |
| 0.9568.4 | 20 / 17 | |
| 0.9568.3 | 20 / 17 | |
| 0.9568.2 | 20 / 17 | |
| 0.9568.1 | 20 / 17 | |
| 0.9568.0 | 20 / 17 | |
| 0.9567.4 | 20 / 17 | |
| 0.9567.3 | 20 / 17 | |
| 0.9567.2 | 20 / 17 | |
| 0.9567.1 | 20 / 17 | |
| 0.9567.0 | 20 / 17 | |
| 0.9566.7 | 20 / 20 | |
| 0.9566.6 | 20 / 20 | |
| 0.9566.4 | 20 / 20 | |
| 0.9566.3 | 20 / 20 |
v0.9590.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9590.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9590.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9590.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9589.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9589.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9589.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9589.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9589.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9589.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9589.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9586.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9586.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9586.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9586.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9586.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9586.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9586.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9586.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9586.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9586.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9585.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9585.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9585.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9584.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9584.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9584.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9584.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9584.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9584.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9584.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9584.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9584.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9584.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9583.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9582.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9582.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9582.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9582.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9582.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9582.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9581.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9580.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9579.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9579.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9579.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9579.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9578.13
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9578.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9578.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9578.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9578.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9578.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9578.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9578.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9578.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9578.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9578.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9578.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9578.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9578.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9577.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9577.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9577.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9577.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9577.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9576.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9576.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9576.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9575.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9575.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9575.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9574.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9573.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9572.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9571.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9570.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9569.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9569.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9569.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9569.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9569.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9569.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9568.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9568.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9568.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9568.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9568.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9568.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9568.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9567.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9567.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9567.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9567.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9567.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9566.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9566.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9566.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9566.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.