@teambit/component.ui.component-drawer
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): davidfirst is a trusted teambit org publisher with 206 approved packages and no rejections; transition appears legitimate. | ai | |
| phantom-deps | phantom-dep:core-js | AI (phantom-deps): core-js is a known polyfill runtime dep; phantom-dep false positive for this package. | ai |
Versions (showing 36 of 36)
| Version | Deps | Published |
|---|---|---|
| 0.0.482 | 15 / 9 | |
| 0.0.481 | 15 / 9 | |
| 0.0.480 | 15 / 9 | |
| 0.0.479 | 15 / 9 | |
| 0.0.478 | 15 / 9 | |
| 0.0.477 | 15 / 9 | |
| 0.0.476 | 15 / 9 | |
| 0.0.475 | 15 / 9 | |
| 0.0.474 | 15 / 9 | |
| 0.0.473 | 15 / 9 | |
| 0.0.472 | 15 / 9 | |
| 0.0.471 | 15 / 9 | |
| 0.0.470 | 15 / 9 | |
| 0.0.469 | 15 / 9 | |
| 0.0.468 | 15 / 9 | |
| 0.0.467 | 15 / 9 | |
| 0.0.466 | 15 / 9 | |
| 0.0.465 | 15 / 9 | |
| 0.0.464 | 15 / 9 | |
| 0.0.463 | 15 / 9 | |
| 0.0.462 | 15 / 9 | |
| 0.0.461 | 15 / 9 | |
| 0.0.460 | 15 / 9 | |
| 0.0.457 | 15 / 9 | |
| 0.0.456 | 15 / 9 | |
| 0.0.455 | 15 / 9 | |
| 0.0.454 | 15 / 9 | |
| 0.0.453 | 15 / 9 | |
| 0.0.452 | 15 / 9 | |
| 0.0.451 | 15 / 9 | |
| 0.0.450 | 15 / 9 | |
| 0.0.449 | 15 / 9 | |
| 0.0.448 | 15 / 9 | |
| 0.0.447 | 15 / 9 | |
| 0.0.446 | 15 / 9 | |
| 0.0.445 | 15 / 9 |
v0.0.482
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.481
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.480
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.478
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.477
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.476
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.475
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.474
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.473
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.472
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.471
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.470
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.469
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.468
2 findingsThis version was published by a different npm account than previous versions on 2025-09-29. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.467
2 findingsThis version was published by a different npm account than previous versions on 2025-09-26. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.466
2 findingsThis version was published by a different npm account than previous versions on 2025-09-10. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.465
2 findingsThis version was published by a different npm account than previous versions on 2025-08-29. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.464
2 findingsThis version was published by a different npm account than previous versions on 2025-08-19. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.463
2 findingsThis version was published by a different npm account than previous versions on 2025-08-19. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.462
2 findingsThis version was published by a different npm account than previous versions on 2025-08-15. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.461
2 findingsThis version was published by a different npm account than previous versions on 2025-08-15. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.460
2 findingsThis version was published by a different npm account than previous versions on 2025-08-14. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.457
2 findingsThis version was published by a different npm account than previous versions on 2025-08-12. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.456
2 findingsThis version was published by a different npm account than previous versions on 2025-08-11. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.455
2 findingsThis version was published by a different npm account than previous versions on 2025-08-11. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.454
2 findingsThis version was published by a different npm account than previous versions on 2025-08-07. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.453
2 findingsThis version was published by a different npm account than previous versions on 2025-08-06. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.452
2 findingsThis version was published by a different npm account than previous versions on 2025-07-30. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.451
2 findingsThis version was published by a different npm account than previous versions on 2025-07-30. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.450
2 findingsThis version was published by a different npm account than previous versions on 2025-07-22. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.449
2 findingsThis version was published by a different npm account than previous versions on 2025-07-17. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.448
2 findingsThis version was published by a different npm account than previous versions on 2025-07-14. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.447
2 findingsThis version was published by a different npm account than previous versions on 2025-07-03. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.446
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.445
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.