@superblocksteam/shared
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:pino | AI (phantom-deps): pino is declared and used in config; legitimate implicit dependency for logging infrastructure. | ai | |
| phantom-deps | phantom-dep:tslib | AI (phantom-deps): tslib is a standard TypeScript runtime helper; implicit dependency from TypeScript compilation. | ai | |
| phantom-deps | phantom-dep:google-protobuf | AI (phantom-deps): google-protobuf is declared and referenced in config; legitimate implicit dependency. | ai | |
| phantom-deps | phantom-dep:@types/estree | AI (phantom-deps): TypeScript type declaration packages are commonly declared as deps without direct imports; this is standard TS practice for this package. | ai | |
| phantom-deps | phantom-dep:@types/events | AI (phantom-deps): TypeScript type declaration packages are commonly declared as deps without direct imports; this is standard TS practice for this package. | ai | |
| phantom-deps | phantom-dep:@types/esprima | AI (phantom-deps): TypeScript type declaration packages are commonly declared as deps without direct imports; this is standard TS practice for this package. | ai | |
Versions (showing 100 of 668)
| Version | Deps | Published |
|---|---|---|
| 0.9278.0 | 23 / 22 | |
| 0.9277.0 | 23 / 22 | |
| 0.9276.0 | 23 / 22 | |
| 0.9275.0 | 23 / 22 | |
| 0.9274.0 | 23 / 22 | |
| 0.9272.0 | 23 / 22 | |
| 0.9271.0 | 23 / 22 | |
| 0.9270.0 | 23 / 22 | |
| 0.9269.0 | 23 / 22 | |
| 0.9268.0 | 23 / 22 | |
| 0.9267.0 | 23 / 22 | |
| 0.9265.0 | 23 / 22 | |
| 0.9264.0 | 23 / 22 | |
| 0.9263.0 | 23 / 22 | |
| 0.9262.0 | 23 / 22 | |
| 0.9261.0 | 23 / 22 | |
| 0.9260.0 | 23 / 22 | |
| 0.9259.0 | 23 / 22 | |
| 0.9258.0 | 23 / 22 | |
| 0.9257.0 | 23 / 22 | |
| 0.9256.0 | 23 / 22 | |
| 0.9255.0 | 23 / 22 | |
| 0.9254.0 | 23 / 22 | |
| 0.9253.0 | 23 / 22 | |
| 0.9252.0 | 23 / 22 | |
| 0.9251.0 | 23 / 22 | |
| 0.9250.0 | 23 / 22 | |
| 0.9249.0 | 23 / 22 | |
| 0.9248.0 | 23 / 22 | |
| 0.9246.0 | 23 / 22 | |
| 0.9245.0 | 23 / 22 | |
| 0.9244.0 | 23 / 22 | |
| 0.9243.0 | 23 / 22 | |
| 0.9241.0 | 23 / 22 | |
| 0.9240.0 | 23 / 22 | |
| 0.9239.0 | 23 / 22 | |
| 0.9238.0 | 23 / 22 | |
| 0.9237.0 | 23 / 22 | |
| 0.9236.0 | 23 / 22 | |
| 0.9235.0 | 23 / 22 | |
| 0.9234.0 | 23 / 22 | |
| 0.9231.0 | 23 / 22 | |
| 0.9230.0 | 23 / 22 | |
| 0.9229.0 | 23 / 22 | |
| 0.9228.0 | 23 / 22 | |
| 0.9227.0 | 23 / 22 | |
| 0.9226.0 | 23 / 22 | |
| 0.9225.0 | 23 / 22 | |
| 0.9224.0 | 23 / 22 | |
| 0.9223.0 | 23 / 22 | |
| 0.9222.0 | 23 / 22 | |
| 0.9220.0 | 23 / 22 | |
| 0.9219.0 | 23 / 22 | |
| 0.9217.0 | 23 / 22 | |
| 0.9216.0 | 23 / 22 | |
| 0.9215.0 | 23 / 22 | |
| 0.9214.0 | 23 / 22 | |
| 0.9213.0 | 23 / 22 | |
| 0.9212.0 | 23 / 22 | |
| 0.9211.0 | 23 / 22 | |
| 0.9210.0 | 23 / 22 | |
| 0.9209.0 | 23 / 22 | |
| 0.9208.0 | 23 / 22 | |
| 0.9207.0 | 23 / 22 | |
| 0.9206.0 | 23 / 22 | |
| 0.9205.0 | 23 / 22 | |
| 0.9204.0 | 23 / 22 | |
| 0.9203.0 | 23 / 22 | |
| 0.9202.0 | 23 / 22 | |
| 0.9201.0 | 22 / 22 | |
| 0.9200.0 | 22 / 22 | |
| 0.9199.0 | 22 / 22 | |
| 0.9198.0 | 22 / 22 | |
| 0.9196.0 | 22 / 22 | |
| 0.9195.0 | 22 / 22 | |
| 0.9194.0 | 22 / 22 | |
| 0.9193.0 | 22 / 22 | |
| 0.9192.0 | 22 / 22 | |
| 0.9189.0 | 22 / 22 | |
| 0.9188.0 | 22 / 22 | |
| 0.9187.0 | 22 / 22 | |
| 0.9186.0 | 22 / 22 | |
| 0.9185.0 | 22 / 22 | |
| 0.9184.0 | 22 / 22 | |
| 0.9183.0 | 22 / 22 | |
| 0.9182.0 | 22 / 22 | |
| 0.9181.0 | 22 / 22 | |
| 0.9180.0 | 22 / 22 | |
| 0.9178.0 | 22 / 22 | |
| 0.9177.0 | 22 / 22 | |
| 0.9176.0 | 22 / 22 | |
| 0.9175.0 | 22 / 22 | |
| 0.9174.0 | 22 / 22 | |
| 0.9173.0 | 22 / 22 | |
| 0.9172.0 | 22 / 22 | |
| 0.9171.0 | 22 / 22 | |
| 0.9170.0 | 22 / 22 | |
| 0.9169.0 | 22 / 22 | |
| 0.9168.0 | 22 / 22 | |
| 0.9167.0 | 22 / 22 | |
v0.9268.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9246.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9230.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9212.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9202.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9186.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9173.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.