← Home

@teambit/command-bar

npm Repository Homepage
37
Versions
Apache-2.0
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

teambit-ownershohamgiladdavidfirstranm8guysaaritaymendelerezbitjoshk2redigmayona007

Keywords

bitbit-aspectbit-core-aspectcomponentscollaborationweb

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
npm-metadata no-description AI (npm-metadata): Established package with 2900+ versions; missing description is stable metadata pattern. ai
provenance no-provenance AI (provenance): Long-standing package; provenance absence is consistent across versions. ai
dependencies unvetted-dep:@teambit/harmony AI (dependencies): Sibling @teambit/* package from same monorepo; unvetted status is a registry gap, not a risk. ai
dependencies unvetted-dep:@teambit/bit-error AI (dependencies): Sibling @teambit/* package from same monorepo; unvetted status is a registry gap, not a risk. ai
dependencies unvetted-dep:@teambit/react-router AI (dependencies): Sibling @teambit/* package from same monorepo; unvetted status is a registry gap, not a risk. ai
dependencies unvetted-dep:@teambit/base-ui.text.muted-text AI (dependencies): Sibling @teambit/* package from same monorepo; unvetted status is a registry gap, not a risk. ai
dependencies unvetted-dep:@teambit/ui AI (dependencies): Sibling @teambit/* package from same monorepo; unvetted status is a registry gap, not a risk. ai
dependencies unvetted-dep:@teambit/ui-foundation.ui.keycap AI (dependencies): Sibling @teambit/* package from same monorepo; unvetted status is a registry gap, not a risk. ai
dependencies unvetted-dep:@teambit/design.ui.styles.ellipsis AI (dependencies): Sibling @teambit/* package from same monorepo; unvetted status is a registry gap, not a risk. ai
dependencies unvetted-dep:@teambit/ui-foundation.ui.is-browser AI (dependencies): Sibling @teambit/* package from same monorepo; unvetted status is a registry gap, not a risk. ai
dependencies unvetted-dep:@teambit/design.buttons.action-button AI (dependencies): Sibling @teambit/* package from same monorepo; unvetted status is a registry gap, not a risk. ai
dependencies unvetted-dep:@teambit/explorer.ui.command-bar AI (dependencies): Sibling @teambit/* package from same monorepo; unvetted status is a registry gap, not a risk. ai
dependencies unvetted-dep:@teambit/pubsub AI (dependencies): Sibling @teambit/* package from same monorepo; unvetted status is a registry gap, not a risk. ai

Versions (showing 37 of 37)

Version Deps Published
1.0.972 15 / 6
1.0.971 15 / 6
1.0.970 15 / 6
1.0.968 15 / 6
1.0.967 15 / 6
1.0.966 15 / 6
1.0.964 15 / 6
1.0.963 15 / 6
1.0.962 15 / 6
1.0.961 15 / 6
1.0.960 15 / 6
1.0.958 15 / 6
1.0.956 15 / 6
1.0.955 15 / 6
1.0.954 15 / 6
1.0.952 15 / 6
1.0.951 15 / 6
1.0.949 15 / 6
1.0.948 15 / 6
1.0.947 15 / 6
1.0.946 15 / 6
1.0.944 15 / 6
1.0.943 15 / 6
1.0.941 15 / 6
1.0.940 15 / 6
1.0.938 15 / 6
1.0.937 15 / 6
1.0.936 15 / 6
1.0.935 15 / 6
1.0.934 15 / 6
1.0.933 15 / 6
1.0.932 15 / 6
1.0.931 15 / 6
1.0.929 15 / 6
1.0.928 15 / 6
1.0.926 15 / 6
1.0.925 15 / 6

v1.0.972

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.971

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.970

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.