@teambit/changelog
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@teambit/component.ui.version-block | AI (dependencies): Internal @teambit scoped dependency; consistent with this package's established monorepo publishing pattern. | ai | |
| dependencies | unvetted-dep:@teambit/component.instructions.exporting-components | AI (dependencies): Internal @teambit scoped dependency; consistent with this package's established monorepo publishing pattern. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Established teambit component package; missing description is a known pattern across their published components. | ai | |
| provenance | no-provenance | AI (provenance): Teambit publishes thousands of packages without provenance; consistent pattern, not a risk signal here. | ai |
Versions (showing 37 of 250)
| Version | Deps | Published |
|---|---|---|
| 1.0.806 | 11 / 3 | |
| 1.0.805 | 11 / 3 | |
| 1.0.804 | 11 / 3 | |
| 1.0.803 | 11 / 3 | |
| 1.0.802 | 11 / 3 | |
| 1.0.801 | 11 / 3 | |
| 1.0.800 | 11 / 3 | |
| 1.0.799 | 11 / 3 | |
| 1.0.798 | 11 / 3 | |
| 1.0.797 | 11 / 3 | |
| 1.0.796 | 11 / 3 | |
| 1.0.795 | 11 / 3 | |
| 1.0.794 | 11 / 3 | |
| 1.0.793 | 11 / 3 | |
| 1.0.792 | 11 / 3 | |
| 1.0.791 | 11 / 3 | |
| 1.0.790 | 11 / 3 | |
| 1.0.789 | 11 / 3 | |
| 1.0.788 | 11 / 3 | |
| 1.0.787 | 11 / 3 | |
| 1.0.786 | 11 / 3 | |
| 1.0.785 | 11 / 3 | |
| 1.0.784 | 11 / 3 | |
| 1.0.783 | 11 / 3 | |
| 1.0.782 | 11 / 3 | |
| 1.0.781 | 11 / 3 | |
| 1.0.780 | 11 / 3 | |
| 1.0.779 | 11 / 3 | |
| 1.0.778 | 11 / 3 | |
| 1.0.777 | 11 / 3 | |
| 1.0.776 | 11 / 3 | |
| 1.0.775 | 11 / 3 | |
| 1.0.627 | 11 / 3 | |
| 1.0.625 | 11 / 3 | |
| 1.0.613 | 11 / 3 | |
| 1.0.612 | 11 / 3 | |
| 1.0.611 | 11 / 3 |
v1.0.806
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.805
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.804
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.803
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.802
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.801
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.800
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.799
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.798
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.797
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.796
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.795
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.794
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.793
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.792
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.791
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.790
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.789
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.788
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.787
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.786
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.785
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.784
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.783
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.782
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.781
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.780
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.779
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.778
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.777
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.776
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.775
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.627
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.625
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.613
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.612
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.611
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.