@teambit/component-sizer
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| npm-metadata | no-description | AI (npm-metadata): Monorepo component with valid repo and keywords; description gap is stable. | ai | |
| provenance | no-provenance | AI (provenance): Established monorepo package; provenance absence is consistent across versions. | ai | |
| dependencies | unvetted-dep:@teambit/docs | AI (dependencies): Sibling @teambit/* dep in the established Bit monorepo ecosystem; not a malware signal. | ai | |
| dependencies | unvetted-dep:@teambit/graphql | AI (dependencies): Sibling @teambit/* dep in the established Bit monorepo ecosystem; not a malware signal. | ai | |
| dependencies | unvetted-dep:@teambit/harmony | AI (dependencies): Sibling @teambit/* dep in the established Bit monorepo ecosystem; not a malware signal. | ai | |
| dependencies | unvetted-dep:@teambit/preview | AI (dependencies): Sibling @teambit/* dep in the established Bit monorepo ecosystem; not a malware signal. | ai | |
| dependencies | unvetted-dep:@teambit/component | AI (dependencies): Sibling @teambit/* dep in the established Bit monorepo ecosystem; not a malware signal. | ai | |
| dependencies | unvetted-dep:@teambit/ui | AI (dependencies): Sibling @teambit/* dep in the established Bit monorepo ecosystem; not a malware signal. | ai | |
| dependencies | unvetted-dep:@teambit/design.ui.tooltip | AI (dependencies): Sibling @teambit/* dep in the established Bit monorepo ecosystem; not a malware signal. | ai | |
| dependencies | unvetted-dep:@teambit/design.ui.pill-label | AI (dependencies): Sibling @teambit/* dep in the established Bit monorepo ecosystem; not a malware signal. | ai | |
| dependencies | unvetted-dep:@teambit/component.ui.component-size | AI (dependencies): Sibling @teambit/* dep in the established Bit monorepo ecosystem; not a malware signal. | ai | |
| dependencies | unvetted-dep:@teambit/base-react.themes.theme-switcher | AI (dependencies): Sibling @teambit/* dep in the established Bit monorepo ecosystem; not a malware signal. | ai | |
| dependencies | unvetted-dep:@teambit/ui-foundation.ui.react-router.use-query | AI (dependencies): Sibling @teambit/* dep in the established Bit monorepo ecosystem; not a malware signal. | ai | |
| dependencies | unvetted-dep:@teambit/workspace | AI (dependencies): Sibling @teambit/* dep in the established Bit monorepo ecosystem; not a malware signal. | ai | |
| dependencies | unvetted-dep:@teambit/cli | AI (dependencies): Sibling @teambit/* dep in the established Bit monorepo ecosystem; not a malware signal. | ai | |
Versions (showing 100 of 155)
| Version | Deps | Published |
|---|---|---|
| 1.0.972 | 14 / 2 | |
| 1.0.971 | 14 / 2 | |
| 1.0.970 | 14 / 2 | |
| 1.0.969 | 14 / 2 | |
| 1.0.968 | 14 / 2 | |
| 1.0.967 | 14 / 2 | |
| 1.0.966 | 14 / 2 | |
| 1.0.964 | 14 / 2 | |
| 1.0.963 | 14 / 2 | |
| 1.0.962 | 14 / 2 | |
| 1.0.961 | 14 / 2 | |
| 1.0.960 | 14 / 2 | |
| 1.0.959 | 14 / 2 | |
| 1.0.958 | 14 / 2 | |
| 1.0.957 | 14 / 2 | |
| 1.0.956 | 14 / 2 | |
| 1.0.953 | 14 / 2 | |
| 1.0.952 | 14 / 2 | |
| 1.0.950 | 14 / 2 | |
| 1.0.948 | 14 / 2 | |
| 1.0.947 | 14 / 2 | |
| 1.0.946 | 14 / 2 | |
| 1.0.945 | 14 / 2 | |
| 1.0.942 | 14 / 2 | |
| 1.0.941 | 14 / 2 | |
| 1.0.940 | 14 / 2 | |
| 1.0.939 | 14 / 2 | |
| 1.0.938 | 14 / 2 | |
| 1.0.936 | 14 / 2 | |
| 1.0.935 | 14 / 2 | |
| 1.0.934 | 14 / 2 | |
| 1.0.933 | 14 / 2 | |
| 1.0.932 | 14 / 2 | |
| 1.0.930 | 14 / 2 | |
| 1.0.929 | 14 / 2 | |
| 1.0.928 | 14 / 2 | |
| 1.0.927 | 14 / 2 | |
| 1.0.926 | 14 / 2 | |
| 1.0.925 | 14 / 2 | |
| 1.0.730 | 13 / 2 | |
| 1.0.729 | 13 / 2 | |
| 1.0.728 | 13 / 2 | |
| 1.0.727 | 13 / 2 | |
| 1.0.726 | 13 / 2 | |
| 1.0.725 | 13 / 2 | |
| 1.0.724 | 13 / 2 | |
| 1.0.723 | 13 / 2 | |
| 1.0.722 | 13 / 2 | |
| 1.0.721 | 13 / 2 | |
| 1.0.720 | 13 / 2 | |
| 1.0.719 | 13 / 2 | |
| 1.0.718 | 13 / 2 | |
| 1.0.717 | 13 / 2 | |
| 1.0.716 | 13 / 2 | |
| 1.0.715 | 13 / 2 | |
| 1.0.713 | 13 / 2 | |
| 1.0.712 | 13 / 2 | |
| 1.0.711 | 13 / 2 | |
| 1.0.710 | 13 / 2 | |
| 1.0.709 | 13 / 2 | |
| 1.0.708 | 13 / 2 | |
| 1.0.707 | 13 / 2 | |
| 1.0.706 | 13 / 2 | |
| 1.0.705 | 13 / 2 | |
| 1.0.702 | 13 / 2 | |
| 1.0.700 | 13 / 2 | |
| 1.0.699 | 13 / 2 | |
| 1.0.698 | 13 / 2 | |
| 1.0.697 | 13 / 2 | |
| 1.0.696 | 13 / 2 | |
| 1.0.695 | 13 / 2 | |
| 1.0.694 | 13 / 2 | |
| 1.0.693 | 13 / 2 | |
| 1.0.692 | 13 / 2 | |
| 1.0.691 | 13 / 2 | |
| 1.0.690 | 13 / 2 | |
| 1.0.689 | 13 / 2 | |
| 1.0.688 | 13 / 2 | |
| 1.0.687 | 13 / 2 | |
| 1.0.686 | 13 / 2 | |
| 1.0.685 | 13 / 2 | |
| 1.0.684 | 13 / 2 | |
| 1.0.683 | 13 / 2 | |
| 1.0.682 | 13 / 2 | |
| 1.0.681 | 13 / 2 | |
| 1.0.680 | 13 / 2 | |
| 1.0.679 | 13 / 2 | |
| 1.0.678 | 13 / 2 | |
| 1.0.677 | 13 / 2 | |
| 1.0.676 | 13 / 2 | |
| 1.0.675 | 13 / 2 | |
| 1.0.674 | 13 / 2 | |
| 1.0.673 | 13 / 2 | |
| 1.0.672 | 13 / 2 | |
| 1.0.671 | 13 / 2 | |
| 1.0.670 | 13 / 2 | |
| 1.0.669 | 13 / 2 | |
| 1.0.668 | 13 / 2 | |
| 1.0.667 | 13 / 2 | |
| 1.0.666 | 13 / 2 | |
v1.0.972
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.971
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.970
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.969
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.730
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.729
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.728
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.727
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.726
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.725
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.724
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.723
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.722
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.721
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.720
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.719
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.718
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.717
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.716
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.715
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.713
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.712
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.711
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.710
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.709
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.708
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.707
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.706
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.705
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.702
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.700
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.699
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.698
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.697
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.696
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.695
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.694
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.693
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.692
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.691
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.690
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.689
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.688
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.687
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.686
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.685
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.684
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.683
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.682
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.681
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.680
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.679
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.678
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.677
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.676
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.675
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.674
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.673
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.672
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.671
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.670
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.669
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.668
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.667
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.666
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.