@superblocksteam/shared
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:pino | AI (phantom-deps): pino is declared and used in config; legitimate implicit dependency for logging infrastructure. | ai | |
| phantom-deps | phantom-dep:tslib | AI (phantom-deps): tslib is a standard TypeScript runtime helper; implicit dependency from TypeScript compilation. | ai | |
| phantom-deps | phantom-dep:google-protobuf | AI (phantom-deps): google-protobuf is declared and referenced in config; legitimate implicit dependency. | ai | |
| phantom-deps | phantom-dep:@types/estree | AI (phantom-deps): TypeScript type declaration packages are commonly declared as deps without direct imports; this is standard TS practice for this package. | ai | |
| phantom-deps | phantom-dep:@types/events | AI (phantom-deps): TypeScript type declaration packages are commonly declared as deps without direct imports; this is standard TS practice for this package. | ai | |
| phantom-deps | phantom-dep:@types/esprima | AI (phantom-deps): TypeScript type declaration packages are commonly declared as deps without direct imports; this is standard TS practice for this package. | ai |
Versions (showing 100 of 667)
| Version | Deps | Published |
|---|---|---|
| 0.9551.4 | 23 / 24 | |
| 0.9551.3 | 23 / 24 | |
| 0.9551.2 | 23 / 24 | |
| 0.9551.1 | 23 / 24 | |
| 0.9551.0 | 23 / 24 | |
| 0.9550.0 | 23 / 24 | |
| 0.9549.15 | 23 / 24 | |
| 0.9549.14 | 23 / 24 | |
| 0.9549.13 | 23 / 24 | |
| 0.9549.12 | 23 / 24 | |
| 0.9549.11 | 23 / 24 | |
| 0.9549.9 | 23 / 24 | |
| 0.9549.8 | 23 / 24 | |
| 0.9549.7 | 23 / 24 | |
| 0.9549.6 | 23 / 24 | |
| 0.9549.5 | 23 / 24 | |
| 0.9549.4 | 23 / 24 | |
| 0.9549.3 | 23 / 24 | |
| 0.9549.2 | 23 / 24 | |
| 0.9549.1 | 23 / 24 | |
| 0.9549.0 | 23 / 24 | |
| 0.9548.4 | 23 / 24 | |
| 0.9548.3 | 23 / 24 | |
| 0.9548.2 | 23 / 24 | |
| 0.9548.1 | 23 / 24 | |
| 0.9548.0 | 23 / 24 | |
| 0.9547.6 | 23 / 24 | |
| 0.9547.5 | 23 / 24 | |
| 0.9547.4 | 23 / 24 | |
| 0.9547.3 | 23 / 24 | |
| 0.9547.2 | 23 / 24 | |
| 0.9547.1 | 23 / 24 | |
| 0.9547.0 | 23 / 24 | |
| 0.9546.8 | 23 / 24 | |
| 0.9546.7 | 23 / 24 | |
| 0.9546.6 | 23 / 24 | |
| 0.9546.5 | 23 / 24 | |
| 0.9546.4 | 23 / 24 | |
| 0.9546.3 | 23 / 24 | |
| 0.9546.2 | 23 / 24 | |
| 0.9546.1 | 23 / 24 | |
| 0.9546.0 | 23 / 24 | |
| 0.9545.1 | 23 / 24 | |
| 0.9545.0 | 23 / 24 | |
| 0.9544.2 | 24 / 24 | |
| 0.9544.1 | 24 / 24 | |
| 0.9544.0 | 24 / 24 | |
| 0.9543.11 | 24 / 24 | |
| 0.9543.10 | 24 / 24 | |
| 0.9543.9 | 24 / 24 | |
| 0.9543.8 | 24 / 24 | |
| 0.9543.7 | 24 / 24 | |
| 0.9543.6 | 23 / 24 | |
| 0.9543.5 | 23 / 24 | |
| 0.9543.4 | 23 / 24 | |
| 0.9543.3 | 23 / 24 | |
| 0.9543.2 | 23 / 24 | |
| 0.9543.1 | 23 / 24 | |
| 0.9543.0 | 23 / 24 | |
| 0.9542.0 | 23 / 24 | |
| 0.9541.0 | 23 / 24 | |
| 0.9540.0 | 23 / 24 | |
| 0.9539.0 | 23 / 24 | |
| 0.9538.0 | 23 / 24 | |
| 0.9537.0 | 23 / 24 | |
| 0.9536.0 | 23 / 24 | |
| 0.9535.0 | 23 / 24 | |
| 0.9534.0 | 23 / 24 | |
| 0.9533.0 | 23 / 24 | |
| 0.9532.0 | 23 / 24 | |
| 0.9531.0 | 23 / 24 | |
| 0.9530.0 | 23 / 24 | |
| 0.9529.0 | 23 / 24 | |
| 0.9528.0 | 23 / 24 | |
| 0.9527.0 | 23 / 24 | |
| 0.9526.0 | 23 / 24 | |
| 0.9525.0 | 23 / 24 | |
| 0.9524.0 | 23 / 24 | |
| 0.9523.0 | 23 / 24 | |
| 0.9522.0 | 26 / 25 | |
| 0.9521.0 | 26 / 25 | |
| 0.9520.0 | 26 / 25 | |
| 0.9519.0 | 26 / 25 | |
| 0.9518.0 | 26 / 25 | |
| 0.9517.0 | 26 / 25 | |
| 0.9516.0 | 26 / 25 | |
| 0.9515.0 | 26 / 25 | |
| 0.9514.0 | 26 / 25 | |
| 0.9513.0 | 26 / 25 | |
| 0.9512.0 | 26 / 25 | |
| 0.9511.0 | 26 / 25 | |
| 0.9510.0 | 26 / 25 | |
| 0.9509.0 | 26 / 25 | |
| 0.9508.0 | 26 / 25 | |
| 0.9507.0 | 26 / 25 | |
| 0.9505.0 | 26 / 25 | |
| 0.9504.0 | 26 / 25 | |
| 0.9503.0 | 26 / 25 | |
| 0.9502.0 | 26 / 25 | |
| 0.9501.0 | 26 / 25 |
v0.9549.12
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9549.11
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9543.11
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9543.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9543.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9516.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9503.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.