@teambit/generator
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | new-deps-added | AI (publish-pattern): New dep is a first-party @teambit scoped package; consistent with this package's established pattern of teambit dependencies. | ai | |
| dependencies | unvetted-dep:@teambit/harmony | AI (dependencies): Internal @teambit sibling dep; stable pattern across all versions of this package. | ai | |
| dependencies | unvetted-dep:@teambit/bit-error | AI (dependencies): Internal @teambit sibling dep; stable pattern across all versions of this package. | ai | |
| dependencies | unvetted-dep:@teambit/component-id | AI (dependencies): Internal @teambit sibling dep; stable pattern across all versions of this package. | ai | |
| dependencies | unvetted-dep:@teambit/legacy.scope | AI (dependencies): Internal @teambit sibling dep; stable pattern across all versions of this package. | ai | |
| dependencies | unvetted-dep:@teambit/legacy-bit-id | AI (dependencies): Internal @teambit sibling dep; stable pattern across all versions of this package. | ai | |
| dependencies | unvetted-dep:@teambit/git.modules.git-executable | AI (dependencies): Internal @teambit sibling dep; stable pattern across all versions of this package. | ai | |
| dependencies | unvetted-dep:@teambit/pkg.modules.component-package-name | AI (dependencies): Internal @teambit sibling dep; stable pattern across all versions of this package. | ai | |
| dependencies | unvetted-dep:@teambit/legacy.constants | AI (dependencies): Internal @teambit sibling dep; stable pattern across all versions of this package. | ai | |
| dependencies | unvetted-dep:@teambit/git.modules.git-ignore | AI (dependencies): Internal @teambit sibling dep; stable pattern across all versions of this package. | ai | |
| dependencies | unvetted-dep:@teambit/legacy.consumer-config | AI (dependencies): Internal @teambit sibling dep; stable pattern across all versions of this package. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Established monorepo package; missing description is a cosmetic issue, not a security signal. | ai | |
| provenance | no-provenance | AI (provenance): teambit publishes thousands of versions without provenance; consistent pattern across the monorepo. | ai |
Versions (showing 97 of 197)
| Version | Deps | Published |
|---|---|---|
| 1.0.757 | 38 / 5 | |
| 1.0.755 | 38 / 5 | |
| 1.0.754 | 38 / 5 | |
| 1.0.753 | 38 / 5 | |
| 1.0.751 | 38 / 5 | |
| 1.0.750 | 38 / 5 | |
| 1.0.749 | 38 / 5 | |
| 1.0.747 | 38 / 5 | |
| 1.0.745 | 38 / 5 | |
| 1.0.744 | 38 / 5 | |
| 1.0.743 | 38 / 5 | |
| 1.0.742 | 38 / 5 | |
| 1.0.738 | 38 / 5 | |
| 1.0.737 | 38 / 5 | |
| 1.0.736 | 38 / 5 | |
| 1.0.735 | 38 / 5 | |
| 1.0.734 | 38 / 5 | |
| 1.0.733 | 38 / 5 | |
| 1.0.732 | 38 / 5 | |
| 1.0.731 | 38 / 5 | |
| 1.0.730 | 38 / 5 | |
| 1.0.729 | 38 / 5 | |
| 1.0.727 | 38 / 5 | |
| 1.0.726 | 38 / 5 | |
| 1.0.724 | 38 / 5 | |
| 1.0.723 | 38 / 5 | |
| 1.0.722 | 38 / 5 | |
| 1.0.719 | 38 / 5 | |
| 1.0.717 | 38 / 5 | |
| 1.0.715 | 38 / 5 | |
| 1.0.713 | 38 / 5 | |
| 1.0.711 | 38 / 5 | |
| 1.0.709 | 38 / 5 | |
| 1.0.708 | 38 / 5 | |
| 1.0.707 | 38 / 5 | |
| 1.0.706 | 38 / 5 | |
| 1.0.703 | 38 / 5 | |
| 1.0.699 | 38 / 5 | |
| 1.0.696 | 38 / 5 | |
| 1.0.695 | 38 / 5 | |
| 1.0.694 | 38 / 5 | |
| 1.0.692 | 38 / 5 | |
| 1.0.691 | 38 / 5 | |
| 1.0.690 | 38 / 5 | |
| 1.0.688 | 38 / 5 | |
| 1.0.686 | 38 / 5 | |
| 1.0.685 | 38 / 5 | |
| 1.0.684 | 38 / 5 | |
| 1.0.682 | 38 / 5 | |
| 1.0.681 | 38 / 5 | |
| 1.0.679 | 38 / 5 | |
| 1.0.678 | 38 / 5 | |
| 1.0.677 | 38 / 5 | |
| 1.0.675 | 38 / 5 | |
| 1.0.674 | 38 / 5 | |
| 1.0.673 | 38 / 5 | |
| 1.0.671 | 38 / 5 | |
| 1.0.670 | 38 / 5 | |
| 1.0.669 | 38 / 5 | |
| 1.0.668 | 38 / 5 | |
| 1.0.666 | 38 / 5 | |
| 1.0.665 | 38 / 5 | |
| 1.0.661 | 38 / 5 | |
| 1.0.660 | 38 / 5 | |
| 1.0.658 | 38 / 5 | |
| 1.0.657 | 38 / 5 | |
| 1.0.655 | 38 / 5 | |
| 1.0.654 | 38 / 5 | |
| 1.0.653 | 38 / 5 | |
| 1.0.652 | 38 / 5 | |
| 1.0.651 | 38 / 5 | |
| 1.0.650 | 38 / 5 | |
| 1.0.649 | 38 / 5 | |
| 1.0.647 | 38 / 5 | |
| 1.0.645 | 38 / 5 | |
| 1.0.644 | 38 / 5 | |
| 1.0.642 | 38 / 5 | |
| 1.0.641 | 38 / 5 | |
| 1.0.640 | 38 / 5 | |
| 1.0.638 | 38 / 5 | |
| 1.0.637 | 38 / 5 | |
| 1.0.636 | 38 / 5 | |
| 1.0.633 | 38 / 5 | |
| 1.0.632 | 38 / 5 | |
| 1.0.631 | 38 / 5 | |
| 1.0.630 | 38 / 5 | |
| 1.0.628 | 38 / 5 | |
| 1.0.626 | 38 / 5 | |
| 1.0.625 | 38 / 5 | |
| 1.0.624 | 38 / 5 | |
| 1.0.621 | 38 / 5 | |
| 1.0.620 | 38 / 5 | |
| 1.0.619 | 38 / 5 | |
| 1.0.618 | 38 / 5 | |
| 1.0.617 | 38 / 5 | |
| 1.0.612 | 38 / 5 | |
| 1.0.611 | 38 / 5 |
v1.0.757
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.755
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.754
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.753
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.751
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.750
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.749
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.747
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.745
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.744
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.743
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.742
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.738
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.737
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.736
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.735
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.734
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.733
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.732
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.731
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.730
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.729
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.727
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.726
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.724
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.723
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.722
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.719
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.717
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.715
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.713
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.711
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.709
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.708
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.707
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.706
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.703
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.699
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.696
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.695
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.694
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.692
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.691
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.690
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.688
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.686
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.685
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.684
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.682
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.681
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.679
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.678
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.677
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.675
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.674
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.673
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.671
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.670
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.669
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.668
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.666
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.665
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.661
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.660
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.658
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.657
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.655
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.654
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.653
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.652
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.651
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.650
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.649
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.647
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.645
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.644
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.642
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.641
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.640
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.638
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.637
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.636
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.633
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.632
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.631
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.630
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.628
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.626
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.625
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.624
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.621
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.620
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.619
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.618
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.617
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.612
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.611
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.