← Home

@teambit/dependency-resolver

npm Repository Homepage
15
Versions
Apache-2.0
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

teambit-ownershohamgiladdavidfirstranm8guysaaritaymendelerezbitjoshk2redigmayona007

Keywords

bitbit-aspectbit-core-aspectcomponentscollaborationweb

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
npm-metadata no-description AI (npm-metadata): Established package with strong ecosystem trust; missing description is not a malware signal. ai
provenance no-provenance AI (provenance): Provenance absence is a best-practice gap, not a security disqualifier for established packages. ai
dependencies unvetted-dep:@teambit/workspace.root-components AI (dependencies): Same-org @teambit/* dep; consistent pattern across all teambit packages. ai
dependencies unvetted-dep:@teambit/harmony.modules.feature-toggle AI (dependencies): Same-org @teambit/* dep; consistent pattern across all teambit packages. ai
dependencies unvetted-dep:@teambit/pkg.modules.component-package-name AI (dependencies): Same-org @teambit/* dep; consistent pattern across all teambit packages. ai
dependencies unvetted-dep:@teambit/harmony.modules.requireable-component AI (dependencies): Same-org @teambit/* dep; consistent pattern across all teambit packages. ai
dependencies unvetted-dep:@teambit/scope.network AI (dependencies): First-party teambit dependency; stable ecosystem pattern. ai
dependencies unvetted-dep:@teambit/component-issues AI (dependencies): First-party teambit dependency; stable ecosystem pattern. ai
dependencies unvetted-dep:@teambit/legacy.constants AI (dependencies): First-party teambit dependency; stable ecosystem pattern. ai
dependencies unvetted-dep:@teambit/component-version AI (dependencies): First-party teambit dependency; stable ecosystem pattern. ai
dependencies unvetted-dep:@teambit/component.sources AI (dependencies): First-party teambit dependency; stable ecosystem pattern. ai
dependencies unvetted-dep:@teambit/toolbox.path.path AI (dependencies): First-party teambit dependency; stable ecosystem pattern. ai
dependencies unvetted-dep:@teambit/toolbox.crypto.sha1 AI (dependencies): First-party teambit dependency; stable ecosystem pattern. ai
dependencies unvetted-dep:@pnpm/core AI (dependencies): Core pnpm dependency used throughout teambit/bit ecosystem; stable pattern. ai
dependencies unvetted-dep:@teambit/pkg.entities.registry AI (dependencies): First-party teambit dependency; stable ecosystem pattern. ai
dependencies unvetted-dep:@teambit/toolbox.object.sorter AI (dependencies): First-party teambit dependency; stable ecosystem pattern. ai
dependencies unvetted-dep:@teambit/legacy.consumer-config AI (dependencies): First-party teambit dependency; stable ecosystem pattern. ai
dependencies unvetted-dep:@teambit/component-package-version AI (dependencies): First-party teambit dependency; stable ecosystem pattern. ai
dependencies unvetted-dep:@teambit/legacy.consumer-component AI (dependencies): First-party teambit dependency; stable ecosystem pattern. ai
dependencies unvetted-dep:@teambit/pkg.modules.semver-helper AI (dependencies): First-party teambit dependency; stable ecosystem pattern. ai
dependencies unvetted-dep:@teambit/legacy.extension-data AI (dependencies): First-party teambit dependency; stable ecosystem pattern. ai
dependencies unvetted-dep:@teambit/harmony AI (dependencies): First-party teambit dependency; consistent across all @teambit packages. ai
dependencies unvetted-dep:@teambit/bvm.path AI (dependencies): First-party teambit dependency; stable ecosystem pattern. ai
dependencies unvetted-dep:@teambit/bit-error AI (dependencies): First-party teambit dependency; stable ecosystem pattern. ai
dependencies unvetted-dep:@teambit/component-id AI (dependencies): First-party teambit dependency; stable ecosystem pattern. ai
dependencies unvetted-dep:@teambit/legacy-bit-id AI (dependencies): First-party teambit dependency; stable ecosystem pattern. ai

Versions (showing 15 of 15)

Version Deps Published
1.0.996 51 / 7
1.0.988 51 / 7
1.0.982 51 / 7
1.0.981 51 / 7
1.0.980 51 / 7
1.0.978 51 / 7
1.0.977 51 / 7
1.0.974 51 / 7
1.0.972 51 / 7
1.0.971 51 / 7
1.0.970 51 / 7
1.0.969 51 / 7
1.0.968 51 / 7
1.0.950 51 / 7
1.0.925 51 / 7

v1.0.996

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.988

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.982

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.981

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.980

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.978

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.977

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.974

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.972

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.971

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.970

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.969

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.950

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.