← Home

@teambit/formatter

npm Repository Homepage
19
Versions
Apache-2.0
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

teambit-ownershohamgiladdavidfirstranm8guysaaritaymendelerezbitjoshk2redigmayona007

Keywords

bitbit-aspectbit-core-aspectcomponentscollaborationweb

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
npm-metadata no-description AI (npm-metadata): Established package with 2505 versions; missing description is metadata gap, not malware signal. ai
provenance no-provenance AI (provenance): Provenance absence is advisory; established package with stable release history. ai
dependencies unvetted-dep:@teambit/logger AI (dependencies): Sibling @teambit monorepo dep; not independently malicious. ai
dependencies unvetted-dep:@teambit/builder AI (dependencies): Sibling @teambit monorepo dep; not independently malicious. ai
dependencies unvetted-dep:@teambit/harmony AI (dependencies): Sibling @teambit monorepo dep; not independently malicious. ai
dependencies unvetted-dep:@teambit/snapping AI (dependencies): Sibling @teambit monorepo dep; not independently malicious. ai
dependencies unvetted-dep:@teambit/cli AI (dependencies): Sibling @teambit monorepo dep; not independently malicious. ai
dependencies unvetted-dep:@teambit/workspace AI (dependencies): Sibling @teambit monorepo dep; not independently malicious. ai
dependencies unvetted-dep:@teambit/legacy.constants AI (dependencies): Sibling @teambit monorepo dep; not independently malicious. ai
dependencies unvetted-dep:@teambit/toolbox.time.timer AI (dependencies): Sibling @teambit monorepo dep; not independently malicious. ai
dependencies unvetted-dep:@teambit/component AI (dependencies): Sibling @teambit monorepo dep; not independently malicious. ai
dependencies unvetted-dep:@teambit/envs AI (dependencies): Sibling @teambit monorepo dep; not independently malicious. ai

Versions (showing 19 of 119)

Version Deps Published
1.0.809 14 / 4
1.0.808 14 / 4
1.0.807 14 / 4
1.0.806 14 / 4
1.0.804 14 / 4
1.0.802 14 / 4
1.0.801 14 / 4
1.0.800 14 / 4
1.0.797 14 / 4
1.0.628 14 / 4
1.0.626 14 / 4
1.0.625 14 / 4
1.0.623 14 / 4
1.0.621 14 / 4
1.0.620 14 / 4
1.0.618 14 / 4
1.0.616 14 / 4
1.0.611 14 / 4
1.0.610 14 / 4

v1.0.809

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.808

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.807

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.806

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.804

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.802

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.801

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.800

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.797

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.628

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.626

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.625

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.623

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.621

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.620

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.618

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.616

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.611

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.610

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.