@takeshape/ssg

Static Site Generator

Versions: 30
License: MIT
Install Scripts: No
Provenance: Missing

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

asprouseincomplmshickmcat

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source Rule Reason Accepted by When
phantom-deps phantom-dep:@takeshape/vm-nunjucks AI (phantom-deps): Same-org dep; consumed in compiled output. ai
phantom-deps phantom-dep:@takeshape/util AI (phantom-deps): Same-org dep; consumed in compiled output. ai
phantom-deps phantom-dep:moment-timezone AI (phantom-deps): Same pattern — declared runtime dep consumed in compiled output. ai
phantom-deps phantom-dep:@takeshape/prism AI (phantom-deps): Same-org dep; consumed in compiled output. ai
phantom-deps phantom-dep:@takeshape/routing AI (phantom-deps): Same-org dep; consumed in compiled output. ai
phantom-deps phantom-dep:@takeshape/streams AI (phantom-deps): Same-org dep; consumed in compiled output. ai
phantom-deps phantom-dep:lodash AI (phantom-deps): Bundled SSG package; deps declared but consumed via compiled dist, not direct imports. ai
phantom-deps phantom-dep:graphql AI (phantom-deps): Same pattern — declared runtime dep consumed in compiled output. ai
phantom-deps phantom-dep:js-yaml AI (phantom-deps): Same pattern — declared runtime dep consumed in compiled output. ai
phantom-deps phantom-dep:pumpify AI (phantom-deps): Same pattern — declared runtime dep consumed in compiled output. ai
phantom-deps phantom-dep:bluebird AI (phantom-deps): Same pattern — declared runtime dep consumed in compiled output. ai
phantom-deps phantom-dep:fs-extra AI (phantom-deps): Same pattern — declared runtime dep consumed in compiled output. ai
phantom-deps phantom-dep:minimize AI (phantom-deps): Same pattern — declared runtime dep consumed in compiled output. ai
phantom-deps phantom-dep:d3-format AI (phantom-deps): Same pattern — declared runtime dep consumed in compiled output. ai
phantom-deps phantom-dep:pluralize AI (phantom-deps): Same pattern — declared runtime dep consumed in compiled output. ai
phantom-deps phantom-dep:commonmark AI (phantom-deps): Same pattern — declared runtime dep consumed in compiled output. ai
phantom-deps phantom-dep:node-fetch AI (phantom-deps): Same pattern — declared runtime dep consumed in compiled output. ai
phantom-deps phantom-dep:json-variables AI (phantom-deps): Same pattern — declared runtime dep consumed in compiled output. ai
phantom-deps phantom-dep:moment AI (phantom-deps): moment is a declared runtime dep; phantom-dep heuristic false positive for this package. ai
phantom-deps phantom-dep:resolve AI (phantom-deps): resolve is a declared runtime dep; phantom-dep heuristic false positive for this package. ai
typosquat typosquat.levenshtein:qs AI (typosquat): Scoped package @takeshape/ssg cannot typosquat 'qs'; Levenshtein match is spurious. ai
bogus-package bogus-package AI (bogus-package): Established 6-year-old package with 1009 versions; README signals are not indicative of spam for this package. ai
typosquat typosquat.levenshtein:pg AI (typosquat): Scoped package @takeshape/ssg cannot typosquat 'pg'; Levenshtein match is spurious. ai

Versions (showing 30 of 30)

Version Deps Published
12.19.0 21 / 12
12.18.2 21 / 12
12.17.3 21 / 12
12.13.2 21 / 12
12.13.1 21 / 12
12.13.0 21 / 12
12.7.0 21 / 12
12.3.0 21 / 12
12.1.5 21 / 12
12.1.1 21 / 12
11.187.1 21 / 12
11.186.1 21 / 12
11.185.0 21 / 12
11.184.3 21 / 12
11.181.0 21 / 12
11.177.4 21 / 12
11.177.0 21 / 12
11.176.0 21 / 12
11.170.2 21 / 12
11.168.2 21 / 12
11.167.1 21 / 12
11.164.0 21 / 12
11.162.1 21 / 12
11.158.2 21 / 12
11.157.0 21 / 12
11.155.3 21 / 12
11.155.1 21 / 12
11.154.4 21 / 12
11.154.1 21 / 12
11.143.0 21 / 12

v12.19.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v12.18.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v12.17.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v12.13.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v12.13.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v12.13.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v12.7.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v12.3.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v12.1.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v12.1.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v11.187.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v11.186.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v11.185.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v11.184.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v11.181.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v11.177.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v11.177.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v11.176.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v11.170.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v11.168.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v11.167.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v11.164.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v11.162.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v11.158.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v11.157.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v11.155.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v11.155.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v11.154.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v11.154.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v11.143.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.