@teambit/component-sizer

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

teambit-ownershohamgiladdavidfirstranm8guysaaritaymendelerezbitjoshk2redigmayona007

Keywords

bitbit-aspectbit-core-aspectcomponentscollaborationweb

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
npm-metadata	no-description	AI (npm-metadata): Monorepo component with valid repo and keywords; description gap is stable.	ai	2026/04/30
provenance	no-provenance	AI (provenance): Established monorepo package; provenance absence is consistent across versions.	ai	2026/04/30
dependencies	unvetted-dep:@teambit/docs	AI (dependencies): Sibling @teambit/* dep in the established Bit monorepo ecosystem; not a malware signal.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/graphql	AI (dependencies): Sibling @teambit/* dep in the established Bit monorepo ecosystem; not a malware signal.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/harmony	AI (dependencies): Sibling @teambit/* dep in the established Bit monorepo ecosystem; not a malware signal.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/preview	AI (dependencies): Sibling @teambit/* dep in the established Bit monorepo ecosystem; not a malware signal.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/component	AI (dependencies): Sibling @teambit/* dep in the established Bit monorepo ecosystem; not a malware signal.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/ui	AI (dependencies): Sibling @teambit/* dep in the established Bit monorepo ecosystem; not a malware signal.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/design.ui.tooltip	AI (dependencies): Sibling @teambit/* dep in the established Bit monorepo ecosystem; not a malware signal.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/design.ui.pill-label	AI (dependencies): Sibling @teambit/* dep in the established Bit monorepo ecosystem; not a malware signal.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/component.ui.component-size	AI (dependencies): Sibling @teambit/* dep in the established Bit monorepo ecosystem; not a malware signal.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/base-react.themes.theme-switcher	AI (dependencies): Sibling @teambit/* dep in the established Bit monorepo ecosystem; not a malware signal.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/ui-foundation.ui.react-router.use-query	AI (dependencies): Sibling @teambit/* dep in the established Bit monorepo ecosystem; not a malware signal.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/workspace	AI (dependencies): Sibling @teambit/* dep in the established Bit monorepo ecosystem; not a malware signal.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/cli	AI (dependencies): Sibling @teambit/* dep in the established Bit monorepo ecosystem; not a malware signal.	ai	2026/04/29

Versions (showing 51 of 155)

View all versions

Version	Deps	Published
1.0.972	14 / 2	2026-04-30
1.0.971	14 / 2	2026-04-30
1.0.970	14 / 2	2026-04-29
1.0.969	14 / 2	2026-04-29
1.0.968	14 / 2	2026-04-28
1.0.967	14 / 2	2026-04-27
1.0.966	14 / 2	2026-04-23
1.0.964	14 / 2	2026-04-22
1.0.963	14 / 2	2026-04-22
1.0.962	14 / 2	2026-04-21
1.0.961	14 / 2	2026-04-21
1.0.960	14 / 2	2026-04-21
1.0.959	14 / 2	2026-04-21
1.0.958	14 / 2	2026-04-21
1.0.957	14 / 2	2026-04-20
1.0.956	14 / 2	2026-04-20
1.0.953	14 / 2	2026-04-19
1.0.952	14 / 2	2026-04-17
1.0.950	14 / 2	2026-04-16
1.0.948	14 / 2	2026-04-16
1.0.947	14 / 2	2026-04-15
1.0.946	14 / 2	2026-04-15
1.0.945	14 / 2	2026-04-15
1.0.942	14 / 2	2026-04-13
1.0.941	14 / 2	2026-04-13
1.0.940	14 / 2	2026-04-09
1.0.939	14 / 2	2026-04-08
1.0.938	14 / 2	2026-04-07
1.0.936	14 / 2	2026-04-07
1.0.935	14 / 2	2026-04-07
1.0.934	14 / 2	2026-04-06
1.0.933	14 / 2	2026-04-06
1.0.932	14 / 2	2026-04-06
1.0.930	14 / 2	2026-04-05
1.0.929	14 / 2	2026-04-03
1.0.928	14 / 2	2026-04-02
1.0.927	14 / 2	2026-04-01
1.0.926	14 / 2	2026-03-31
1.0.925	14 / 2	2026-03-30
1.0.730	13 / 2	2025-08-27
1.0.729	13 / 2	2025-08-26
1.0.728	13 / 2	2025-08-26
1.0.727	13 / 2	2025-08-25
1.0.726	13 / 2	2025-08-25
1.0.725	13 / 2	2025-08-25
1.0.724	13 / 2	2025-08-25
1.0.723	13 / 2	2025-08-24
1.0.722	13 / 2	2025-08-22
1.0.721	13 / 2	2025-08-22
1.0.720	13 / 2	2025-08-22
1.0.719	13 / 2	2025-08-21

v1.0.972

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.971

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.970

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.969

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.730

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.729

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.728

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.727

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.726

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.725

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.724

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.723

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.722

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.721

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.720

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.719

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.