← Home

@teambit/bundler

npm Repository Homepage
36
Versions
Apache-2.0
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

teambit-ownershohamgiladdavidfirstranm8guysaaritaymendelerezbitjoshk2redigmayona007

Keywords

bitbit-aspectbit-core-aspectcomponentscollaborationweb

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
dependencies unvetted-dep:@teambit/cli AI (dependencies): Sibling @teambit monorepo dep; stable pattern across all versions of this package. ai
dependencies unvetted-dep:@teambit/envs AI (dependencies): Sibling @teambit monorepo dep; stable pattern across all versions of this package. ai
dependencies unvetted-dep:@teambit/pubsub AI (dependencies): Sibling @teambit monorepo dep; stable pattern across all versions of this package. ai
dependencies unvetted-dep:@teambit/builder AI (dependencies): Sibling @teambit monorepo dep; stable pattern across all versions of this package. ai
dependencies unvetted-dep:@teambit/graphql AI (dependencies): Sibling @teambit monorepo dep; stable pattern across all versions of this package. ai
dependencies unvetted-dep:@teambit/harmony AI (dependencies): Sibling @teambit monorepo dep; stable pattern across all versions of this package. ai
dependencies unvetted-dep:@teambit/component AI (dependencies): Sibling @teambit monorepo dep; stable pattern across all versions of this package. ai
dependencies unvetted-dep:@teambit/legacy.bit-map AI (dependencies): Sibling @teambit monorepo dep; stable pattern across all versions of this package. ai
dependencies unvetted-dep:@teambit/toolbox.path.path AI (dependencies): Sibling @teambit monorepo dep; stable pattern across all versions of this package. ai
dependencies unvetted-dep:@teambit/dependency-resolver AI (dependencies): Sibling @teambit monorepo dep; stable pattern across all versions of this package. ai
dependencies unvetted-dep:@teambit/toolbox.network.get-port AI (dependencies): Sibling @teambit monorepo dep; stable pattern across all versions of this package. ai
npm-metadata no-description AI (npm-metadata): Bit component packages omit npm description by convention; stable false positive for this package. ai
provenance no-provenance AI (provenance): Teambit publishes without Sigstore provenance; consistent across all versions. ai

Versions (showing 36 of 36)

Version Deps Published
1.0.972 15 / 3
1.0.971 15 / 3
1.0.970 15 / 3
1.0.968 15 / 3
1.0.967 15 / 3
1.0.966 15 / 3
1.0.964 15 / 3
1.0.963 15 / 3
1.0.962 15 / 3
1.0.961 15 / 3
1.0.960 15 / 3
1.0.959 15 / 3
1.0.958 15 / 3
1.0.955 15 / 3
1.0.954 15 / 3
1.0.953 15 / 3
1.0.952 15 / 3
1.0.950 15 / 3
1.0.948 15 / 3
1.0.947 15 / 3
1.0.946 15 / 3
1.0.945 15 / 3
1.0.944 15 / 3
1.0.942 15 / 3
1.0.941 15 / 3
1.0.940 15 / 3
1.0.939 15 / 3
1.0.938 15 / 3
1.0.936 15 / 3
1.0.935 15 / 3
1.0.934 15 / 3
1.0.933 15 / 3
1.0.931 15 / 3
1.0.929 15 / 3
1.0.928 15 / 3
1.0.925 15 / 3

v1.0.972

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.971

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.970

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.