@superblocksteam/shared
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:pino | AI (phantom-deps): pino is declared and used in config; legitimate implicit dependency for logging infrastructure. | ai | |
| phantom-deps | phantom-dep:tslib | AI (phantom-deps): tslib is a standard TypeScript runtime helper; implicit dependency from TypeScript compilation. | ai | |
| phantom-deps | phantom-dep:google-protobuf | AI (phantom-deps): google-protobuf is declared and referenced in config; legitimate implicit dependency. | ai | |
| phantom-deps | phantom-dep:@types/estree | AI (phantom-deps): TypeScript type declaration packages are commonly declared as deps without direct imports; this is standard TS practice for this package. | ai | |
| phantom-deps | phantom-dep:@types/events | AI (phantom-deps): TypeScript type declaration packages are commonly declared as deps without direct imports; this is standard TS practice for this package. | ai | |
| phantom-deps | phantom-dep:@types/esprima | AI (phantom-deps): TypeScript type declaration packages are commonly declared as deps without direct imports; this is standard TS practice for this package. | ai | |
Versions (showing 100 of 668)
| Version | Deps | Published |
|---|---|---|
| 0.9383.0 | 23 / 23 | |
| 0.9382.0 | 23 / 23 | |
| 0.9381.0 | 23 / 23 | |
| 0.9379.0 | 23 / 23 | |
| 0.9378.0 | 23 / 23 | |
| 0.9377.0 | 23 / 23 | |
| 0.9376.0 | 23 / 23 | |
| 0.9375.0 | 23 / 23 | |
| 0.9374.0 | 23 / 23 | |
| 0.9373.0 | 23 / 22 | |
| 0.9372.0 | 23 / 22 | |
| 0.9371.0 | 23 / 22 | |
| 0.9370.0 | 23 / 22 | |
| 0.9369.0 | 23 / 22 | |
| 0.9368.0 | 23 / 22 | |
| 0.9367.0 | 23 / 22 | |
| 0.9366.0 | 23 / 22 | |
| 0.9365.0 | 23 / 22 | |
| 0.9364.0 | 23 / 22 | |
| 0.9363.0 | 23 / 22 | |
| 0.9362.0 | 23 / 22 | |
| 0.9361.0 | 23 / 22 | |
| 0.9359.0 | 23 / 22 | |
| 0.9358.0 | 23 / 22 | |
| 0.9357.0 | 23 / 22 | |
| 0.9356.0 | 23 / 22 | |
| 0.9355.0 | 23 / 22 | |
| 0.9354.0 | 23 / 22 | |
| 0.9353.0 | 23 / 22 | |
| 0.9352.0 | 23 / 22 | |
| 0.9351.0 | 23 / 22 | |
| 0.9350.0 | 23 / 22 | |
| 0.9349.0 | 23 / 22 | |
| 0.9348.0 | 23 / 22 | |
| 0.9347.0 | 23 / 22 | |
| 0.9346.0 | 23 / 22 | |
| 0.9345.0 | 23 / 22 | |
| 0.9344.0 | 23 / 22 | |
| 0.9342.0 | 23 / 22 | |
| 0.9341.0 | 23 / 22 | |
| 0.9340.0 | 23 / 22 | |
| 0.9339.0 | 23 / 22 | |
| 0.9338.0 | 23 / 22 | |
| 0.9337.0 | 23 / 22 | |
| 0.9336.0 | 23 / 22 | |
| 0.9335.0 | 23 / 22 | |
| 0.9334.0 | 23 / 22 | |
| 0.9333.0 | 23 / 22 | |
| 0.9332.0 | 23 / 22 | |
| 0.9331.0 | 23 / 22 | |
| 0.9330.0 | 23 / 22 | |
| 0.9329.0 | 23 / 22 | |
| 0.9328.0 | 23 / 22 | |
| 0.9327.0 | 23 / 22 | |
| 0.9326.0 | 23 / 22 | |
| 0.9325.0 | 23 / 22 | |
| 0.9324.0 | 23 / 22 | |
| 0.9323.0 | 23 / 22 | |
| 0.9322.0 | 23 / 22 | |
| 0.9321.0 | 23 / 22 | |
| 0.9320.0 | 23 / 22 | |
| 0.9319.0 | 23 / 22 | |
| 0.9318.0 | 23 / 22 | |
| 0.9317.0 | 23 / 22 | |
| 0.9316.0 | 23 / 22 | |
| 0.9315.0 | 23 / 22 | |
| 0.9314.0 | 23 / 22 | |
| 0.9313.0 | 23 / 22 | |
| 0.9312.0 | 23 / 22 | |
| 0.9311.0 | 23 / 22 | |
| 0.9310.0 | 23 / 22 | |
| 0.9309.0 | 23 / 22 | |
| 0.9308.0 | 23 / 22 | |
| 0.9307.0 | 23 / 22 | |
| 0.9306.0 | 23 / 22 | |
| 0.9305.0 | 23 / 22 | |
| 0.9304.0 | 23 / 22 | |
| 0.9303.0 | 23 / 22 | |
| 0.9302.0 | 23 / 22 | |
| 0.9301.0 | 23 / 22 | |
| 0.9300.0 | 23 / 22 | |
| 0.9299.0 | 23 / 22 | |
| 0.9298.0 | 23 / 22 | |
| 0.9297.0 | 23 / 22 | |
| 0.9296.0 | 23 / 22 | |
| 0.9295.0 | 23 / 22 | |
| 0.9294.0 | 23 / 22 | |
| 0.9293.0 | 23 / 22 | |
| 0.9291.0 | 23 / 22 | |
| 0.9290.0 | 23 / 22 | |
| 0.9289.0 | 23 / 22 | |
| 0.9287.0 | 23 / 22 | |
| 0.9286.0 | 23 / 22 | |
| 0.9285.0 | 23 / 22 | |
| 0.9284.0 | 23 / 22 | |
| 0.9283.0 | 23 / 22 | |
| 0.9282.0 | 23 / 22 | |
| 0.9281.0 | 23 / 22 | |
| 0.9280.0 | 23 / 22 | |
| 0.9279.0 | 23 / 22 | |
v0.9378.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9366.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9352.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9329.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9321.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9314.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9298.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9285.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.