@teambit/aspect
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:artifacts/env-template/public/overview.ba8918e747646f6b90f1.js | AI (source-diff): Standard webpack bundle chunk for teambit overview preview. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/compositions.a12f563682db89cc29f5.js | AI (source-diff): Standard webpack bundle chunk for teambit compositions preview. | ai | |
| source-diff | net-exec-file:artifacts/env-template/public/492.3b9c89426050c66b13d0.js | AI (source-diff): Webpack chunk with __webpack_require__; not dropper malware, consistent with teambit UI bundle pattern. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/492.3b9c89426050c66b13d0.js | AI (source-diff): Standard webpack bundle chunk containing floating-ui React library code. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/466.f9a87284e7c187e6f3fa.js | AI (source-diff): Standard webpack bundle chunk for teambit preview modules. | ai | |
| source-diff | net-exec-file:artifacts/env-template/public/254.848b21663dcb32f9874d.js | AI (source-diff): Webpack chunk with __webpack_require__ dynamic loading; not dropper malware, consistent with teambit UI bundle pattern. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/254.848b21663dcb32f9874d.js | AI (source-diff): Standard webpack bundle chunk; consistent with teambit's env-template artifact build pattern across all versions. | ai | |
| source-diff | net-exec-file:artifacts/env-template/public/peers.594ed643999ac304b48e.js | AI (source-diff): Webpack chunk with __webpack_require__; not dropper malware, consistent with teambit UI bundle pattern. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/peers.594ed643999ac304b48e.js | AI (source-diff): Standard webpack bundle chunk containing MDX/React peer libraries. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/492.6a591c3edb115fa70c83.js | AI (source-diff): Standard webpack-minified frontend chunk in Bit's env-template preview; not obfuscation. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/peers.78f01a0ed15854a976c8.js | AI (source-diff): Standard webpack-minified frontend chunk in Bit's env-template preview; not obfuscation. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/overview.d440a48034b5938296de.js | AI (source-diff): Standard webpack-minified frontend chunk in Bit's env-template preview; not obfuscation. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/compositions.9888eb383a8d27505848.js | AI (source-diff): Standard webpack-minified frontend chunk in Bit's env-template preview; not obfuscation. | ai | |
| source-diff | net-exec-file:artifacts/env-template/public/553.616ef114bdea8ed4aba5.js | AI (source-diff): Webpack bundle with __webpack_require__; network+exec pattern is normal for bundled UI code. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/553.616ef114bdea8ed4aba5.js | AI (source-diff): Standard webpack-minified frontend chunk in Bit's env-template preview; not obfuscation. | ai | |
| source-diff | net-exec-file:artifacts/env-template/public/492.6a591c3edb115fa70c83.js | AI (source-diff): Webpack bundle with __webpack_require__; network+exec pattern is normal for bundled UI code. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/overview.8cfea31c213d31d713dc.js | AI (source-diff): Webpack bundle for Bit overview preview; minification expected. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/peers.d8ac47b048788af41e37.js | AI (source-diff): Webpack peers bundle exposing React/MDX globals; minification expected. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/compositions.d9c62e3865f76adddeee.js | AI (source-diff): Webpack bundle for Bit preview modules; minification expected in build artifacts. | ai | |
| source-diff | net-exec-file:artifacts/env-template/public/492.69e02a95933f5b481922.js | AI (source-diff): webpack __webpack_require__ pattern in preview bundle; not a dropper/loader. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/overview.ac964626f7928b1b1650.js | AI (source-diff): Standard webpack bundle in Bit's env-template preview artifacts; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/peers.5f0610203333016e98be.js | AI (source-diff): Standard webpack bundle in Bit's env-template preview artifacts; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/492.69e02a95933f5b481922.js | AI (source-diff): Standard webpack bundle in Bit's env-template preview artifacts; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/compositions.65ae6b87278fc7babe29.js | AI (source-diff): Standard webpack bundle in Bit's env-template preview artifacts; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/overview.3c76fd0c006884f4e5a7.js | AI (source-diff): Webpack-minified UI preview bundle; standard build artifact for @teambit packages. | ai | |
| source-diff | net-exec-file:artifacts/env-template/public/760.847613853bcbcc911626.js | AI (source-diff): Webpack bundle with __webpack_require__; not a dropper, standard module loader pattern. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/760.847613853bcbcc911626.js | AI (source-diff): Webpack-minified UI preview bundle; standard build artifact for @teambit packages. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/peers.0bfb56a73bbde8f897b5.js | AI (source-diff): Webpack-minified UI preview bundle; standard build artifact for @teambit packages. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/compositions.2430fd51bf303bb0c662.js | AI (source-diff): Webpack-minified UI preview bundle; standard build artifact for @teambit packages. | ai | |
| dependencies | unvetted-dep:@teambit/compilation.babel-compiler | AI (dependencies): Internal @teambit org sibling dep; consistent across versions of this package. | ai | |
| dependencies | unvetted-dep:@teambit/legacy.constants | AI (dependencies): Internal @teambit org sibling dep; consistent across versions of this package. | ai | |
| dependencies | unvetted-dep:@teambit/toolbox.path.path | AI (dependencies): Internal @teambit org sibling dep; consistent across versions of this package. | ai | |
| dependencies | unvetted-dep:@bitdev/symphony.generators.symphony-templates | AI (dependencies): Related @bitdev org dep used by teambit packages; stable pattern. | ai | |
| dependencies | unvetted-dep:@teambit/defender.jest-tester | AI (dependencies): Internal @teambit org sibling dep; consistent across versions of this package. | ai | |
| dependencies | unvetted-dep:@teambit/defender.tester-task | AI (dependencies): Internal @teambit org sibling dep; consistent across versions of this package. | ai | |
| dependencies | unvetted-dep:@teambit/legacy.extension-data | AI (dependencies): Internal @teambit org sibling dep; consistent across versions of this package. | ai | |
| dependencies | unvetted-dep:@bitdev/symphony.generators.symphony-starters | AI (dependencies): Related @bitdev org dep used by teambit packages; stable pattern. | ai | |
| dependencies | unvetted-dep:@teambit/typescript.typescript-compiler | AI (dependencies): Internal @teambit org sibling dep; consistent across versions of this package. | ai | |
| dependencies | unvetted-dep:@teambit/defender.prettier-formatter | AI (dependencies): Internal @teambit org sibling dep; consistent across versions of this package. | ai | |
| dependencies | unvetted-dep:@teambit/defender.eslint-linter | AI (dependencies): Internal @teambit org sibling dep; consistent across versions of this package. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/271.8983b12775e9c1379e11.js | AI (source-diff): Webpack-bundled preview chunk; standard Bit component preview artifact pattern. | ai | |
| source-diff | net-exec-file:artifacts/env-template/public/271.8983b12775e9c1379e11.js | AI (source-diff): Webpack chunk with __webpack_require__ dynamic loading; not dropper malware. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/compositions.31f2db8e52bdcfe00611.js | AI (source-diff): Bit preview compositions chunk; standard webpack build artifact. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/overview.99c1c1a101b118fff701.js | AI (source-diff): Bit preview overview chunk; standard webpack build artifact. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/peers.0fde9d53c2a787efe0ef.js | AI (source-diff): Bit peer dependencies bundle; standard webpack build artifact exposing React/MDX globals. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/compositions.945b8e6f02ba5dc59a1f.js | AI (source-diff): Standard webpack-bundled preview artifact for Bit's env-template system; consistent pattern across all versions. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/peers.e5f300c4acdbaee5d4be.js | AI (source-diff): Webpack bundle exposing React/MDX peer deps to global scope for Bit preview; benign and expected pattern. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/overview.1cd2d7564d53fe1c7814.js | AI (source-diff): Standard webpack-bundled preview artifact for Bit's env-template system; consistent pattern across all versions. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/compositions.d539161476046c68d917.js | AI (source-diff): Standard webpack bundle for Bit env-template preview; not malicious obfuscation. | ai | |
| source-diff | net-exec-file:artifacts/env-template/public/911.a18d7d9a37bb3e0ec95c.js | AI (source-diff): Webpack chunk loader pattern; network+exec pattern is from bundled UI code, not dropper malware. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/911.a18d7d9a37bb3e0ec95c.js | AI (source-diff): Standard webpack bundle for Bit env-template preview; not malicious obfuscation. | ai | |
| source-diff | net-exec-file:artifacts/env-template/public/492.7c3761433796ef60e91c.js | AI (source-diff): Webpack chunk loader pattern; network+exec pattern is from bundled UI code, not dropper malware. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/492.7c3761433796ef60e91c.js | AI (source-diff): Standard webpack bundle for Bit env-template preview; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/peers.99eb798ab8791fcf44fa.js | AI (source-diff): Standard webpack bundle for Bit env-template preview; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/overview.027b210f08747d377690.js | AI (source-diff): Standard webpack bundle for Bit env-template preview; not malicious obfuscation. | ai | |
| source-diff | net-exec-file:artifacts/env-template/public/372.747516dd003c8cd1f1c0.js | AI (source-diff): Webpack chunk with __webpack_require__ dynamic loading; expected pattern for Bit preview bundles. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/peers.e74a82acb0e7fa3adc96.js | AI (source-diff): Standard webpack bundle exposing React/MDX peer globals; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/overview.9b2f721962f04f1a1dcc.js | AI (source-diff): Standard webpack bundle with regenerator-runtime; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/compositions.743f64e4a6c7cebaa07b.js | AI (source-diff): Standard webpack bundle for Bit preview modules; not malicious obfuscation. | ai | |
| source-diff | net-exec-file:artifacts/env-template/public/492.196589abe38b081357b1.js | AI (source-diff): Webpack chunk with __webpack_require__; expected pattern for Bit preview bundles. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/492.196589abe38b081357b1.js | AI (source-diff): Standard webpack bundle (floating-ui/React); not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/372.747516dd003c8cd1f1c0.js | AI (source-diff): Standard webpack bundle for Bit's env-template preview UI; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/overview.66ad498a89e4e6547c87.js | AI (source-diff): Standard webpack bundle artifact in Bit's env-template preview; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/peers.089d80113b166fcc7c92.js | AI (source-diff): Standard webpack bundle artifact in Bit's env-template preview; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/compositions.93b817effcce2f50b827.js | AI (source-diff): Standard webpack bundle artifact in Bit's env-template preview; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/compositions.eb92533d0ba14b07174b.js | AI (source-diff): Webpack-bundled frontend preview asset; minification is expected for this package's env-template artifacts. | ai | |
| source-diff | net-exec-file:artifacts/env-template/public/382.565b03c5d3748e06fc46.js | AI (source-diff): Network+exec pattern is webpack module loader boilerplate in a browser preview bundle, not dropper malware. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/382.565b03c5d3748e06fc46.js | AI (source-diff): Webpack-bundled frontend preview asset; minification is expected for this package's env-template artifacts. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/peers.422a7d8edf93ed9ae5f8.js | AI (source-diff): Webpack-bundled frontend preview asset; minification is expected for this package's env-template artifacts. | ai | |
| source-diff | obfuscated-file:artifacts/env-template/public/overview.812e636dbaca23c00bf6.js | AI (source-diff): Webpack-bundled frontend preview asset; minification is expected for this package's env-template artifacts. | ai | |
| phantom-deps | phantom-dep:@teambit/isolator | AI (phantom-deps): Same-org phantom dep in a large monorepo; stable false positive for this package. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Established teambit package; missing description is cosmetic, not a risk signal here. | ai | |
| semgrep | semgrep:new-function-constructor | AI (semgrep): Fires in a webpack bundle artifact; standard webpack runtime pattern for this build toolchain. | ai | |
| phantom-deps | phantom-dep:@teambit/defender.tester-task | AI (phantom-deps): Same-org phantom dep in a large monorepo; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@teambit/typescript | AI (phantom-deps): Same-org phantom dep in a large monorepo; stable false positive for this package. | ai |
Versions (showing 21 of 21)
| Version | Deps | Published |
|---|---|---|
| 1.0.996 | 56 / 3 | |
| 1.0.990 | 56 / 3 | |
| 1.0.988 | 56 / 3 | |
| 1.0.981 | 56 / 3 | |
| 1.0.979 | 56 / 3 | |
| 1.0.972 | 56 / 3 | |
| 1.0.971 | 56 / 3 | |
| 1.0.970 | 56 / 3 | |
| 1.0.969 | 56 / 3 | |
| 1.0.968 | 56 / 3 | |
| 1.0.967 | 56 / 3 | |
| 1.0.962 | 56 / 3 | |
| 1.0.958 | 56 / 3 | |
| 1.0.939 | 56 / 3 | |
| 1.0.936 | 56 / 3 | |
| 1.0.935 | 56 / 3 | |
| 1.0.928 | 56 / 3 | |
| 1.0.926 | 56 / 3 | |
| 1.0.629 | 55 / 3 | |
| 1.0.628 | 55 / 3 | |
| 1.0.620 | 55 / 3 |
v1.0.996
10 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.990
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.988
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.981
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.979
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.972
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.971
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.970
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.969
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.967
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.962
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.958
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.939
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.936
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.935
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.928
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.926
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.629
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.628
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.620
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.