@taiga-ui/commitlint-config
Taiga UI commitlint config
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): splincode is a listed contributor in package.json; transition appears legitimate within the taiga-family org. | ai |
Versions (showing 100 of 262)
| Version | Deps | Published |
|---|---|---|
| 0.537.0 | 2 / 0 | |
| 0.536.0 | 2 / 0 | |
| 0.535.0 | 2 / 0 | |
| 0.534.0 | 2 / 0 | |
| 0.533.0 | 2 / 0 | |
| 0.532.0 | 0 / 0 | |
| 0.531.0 | 0 / 0 | |
| 0.530.0 | 0 / 0 | |
| 0.529.0 | 0 / 0 | |
| 0.528.0 | 0 / 0 | |
| 0.527.0 | 0 / 0 | |
| 0.526.0 | 0 / 0 | |
| 0.525.0 | 0 / 0 | |
| 0.524.0 | 0 / 0 | |
| 0.523.0 | 0 / 0 | |
| 0.522.0 | 0 / 0 | |
| 0.521.0 | 0 / 0 | |
| 0.520.0 | 0 / 0 | |
| 0.519.0 | 0 / 0 | |
| 0.518.0 | 0 / 0 | |
| 0.517.0 | 0 / 0 | |
| 0.516.0 | 0 / 0 | |
| 0.515.0 | 0 / 0 | |
| 0.514.0 | 0 / 0 | |
| 0.513.0 | 0 / 0 | |
| 0.512.0 | 0 / 0 | |
| 0.511.0 | 0 / 0 | |
| 0.510.0 | 0 / 0 | |
| 0.509.0 | 0 / 0 | |
| 0.508.0 | 0 / 0 | |
| 0.507.0 | 0 / 0 | |
| 0.506.0 | 0 / 0 | |
| 0.505.0 | 0 / 0 | |
| 0.504.0 | 0 / 0 | |
| 0.503.0 | 0 / 0 | |
| 0.502.0 | 0 / 0 | |
| 0.501.0 | 0 / 0 | |
| 0.500.0 | 0 / 0 | |
| 0.499.0 | 0 / 0 | |
| 0.498.0 | 0 / 0 | |
| 0.497.0 | 0 / 0 | |
| 0.496.0 | 0 / 0 | |
| 0.495.0 | 0 / 0 | |
| 0.494.0 | 0 / 0 | |
| 0.493.0 | 0 / 0 | |
| 0.492.0 | 0 / 0 | |
| 0.491.0 | 0 / 0 | |
| 0.490.0 | 0 / 0 | |
| 0.489.0 | 0 / 0 | |
| 0.488.0 | 0 / 0 | |
| 0.487.0 | 0 / 0 | |
| 0.486.0 | 0 / 0 | |
| 0.485.0 | 0 / 0 | |
| 0.484.0 | 0 / 0 | |
| 0.483.0 | 0 / 0 | |
| 0.482.0 | 0 / 0 | |
| 0.481.0 | 0 / 0 | |
| 0.480.0 | 0 / 0 | |
| 0.479.0 | 0 / 0 | |
| 0.478.0 | 0 / 0 | |
| 0.477.0 | 0 / 0 | |
| 0.476.0 | 0 / 0 | |
| 0.475.0 | 0 / 0 | |
| 0.474.0 | 0 / 0 | |
| 0.473.0 | 0 / 0 | |
| 0.472.0 | 0 / 0 | |
| 0.471.0 | 0 / 0 | |
| 0.470.0 | 0 / 0 | |
| 0.469.0 | 0 / 0 | |
| 0.468.0 | 0 / 0 | |
| 0.467.0 | 0 / 0 | |
| 0.466.0 | 0 / 0 | |
| 0.465.0 | 0 / 0 | |
| 0.464.0 | 0 / 0 | |
| 0.463.0 | 0 / 0 | |
| 0.462.0 | 0 / 0 | |
| 0.461.0 | 0 / 0 | |
| 0.460.0 | 0 / 0 | |
| 0.459.0 | 0 / 0 | |
| 0.458.0 | 0 / 0 | |
| 0.457.0 | 0 / 0 | |
| 0.456.0 | 0 / 0 | |
| 0.455.0 | 0 / 0 | |
| 0.454.0 | 0 / 0 | |
| 0.453.0 | 0 / 0 | |
| 0.452.0 | 0 / 0 | |
| 0.451.0 | 0 / 0 | |
| 0.450.0 | 0 / 0 | |
| 0.449.0 | 0 / 0 | |
| 0.448.0 | 0 / 0 | |
| 0.447.0 | 0 / 0 | |
| 0.446.0 | 0 / 0 | |
| 0.445.0 | 0 / 0 | |
| 0.444.0 | 0 / 0 | |
| 0.443.0 | 0 / 0 | |
| 0.442.0 | 0 / 0 | |
| 0.441.0 | 0 / 0 | |
| 0.440.0 | 0 / 0 | |
| 0.439.0 | 0 / 0 | |
| 0.438.0 | 0 / 0 |
v0.537.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.536.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.535.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.534.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.533.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.532.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.531.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.530.0
2 findingsPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (nsbarsukov) than the most recent previously approved version (vladimir.potekhin) on 2026-05-22, but nsbarsukov is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.529.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.528.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.527.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.526.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.525.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.524.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.523.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.522.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.521.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.520.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.519.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.518.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.517.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.516.0
2 findingsPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-05-10. This could indicate a legitimate maintainer transition or an account compromise.
v0.515.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.514.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.513.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.512.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.511.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.510.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.509.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.508.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.507.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.506.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.505.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.504.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.503.0
2 findingsPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-05-04. This could indicate a legitimate maintainer transition or an account compromise.
v0.502.0
2 findingsPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-05-04. This could indicate a legitimate maintainer transition or an account compromise.
v0.501.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.500.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.499.0
2 findingsThis version was published by a different npm account than previous versions on 2026-05-03. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.498.0
2 findingsThis version was published by a different npm account than previous versions on 2026-05-03. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.497.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.496.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.495.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.494.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.493.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.492.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.491.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.488.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.487.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.486.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.485.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.484.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.483.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.482.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.481.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.480.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.479.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.478.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.477.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.476.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.475.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.474.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.473.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.472.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.471.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.470.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.469.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.468.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.467.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.466.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.465.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.464.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.463.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.462.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.461.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.460.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.459.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.458.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.457.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.456.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.455.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.454.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.453.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.452.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.451.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.450.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.449.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.448.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.447.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.446.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.445.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.444.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.443.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.442.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.441.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.440.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.439.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.438.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.