@teambit/host-initializer

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

teambit-ownershohamgiladdavidfirstranm8guysaaritaymendelerezbitjoshk2redigmayona007

Keywords

bitbit-aspectbit-core-aspectcomponentscollaborationweb

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	no-provenance	AI (provenance): Established package; provenance is a best-practice recommendation, not a blocker for this mature project.	ai	2026/04/30
dependencies	unvetted-dep:@teambit/config	AI (dependencies): Sibling @teambit/* package from the same monorepo.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/logger	AI (dependencies): Sibling @teambit/* package from the same monorepo.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/harmony	AI (dependencies): Sibling @teambit/* package from the same monorepo.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/objects	AI (dependencies): Sibling @teambit/* package from the same monorepo.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/bit-error	AI (dependencies): Sibling @teambit/* package from the same monorepo.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/config-store	AI (dependencies): Sibling @teambit/* package from the same monorepo.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/legacy.scope	AI (dependencies): Sibling @teambit/* package from the same monorepo.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/legacy.utils	AI (dependencies): Sibling @teambit/* package from the same monorepo.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/legacy.bit-map	AI (dependencies): Sibling @teambit/* package from the same monorepo.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/cli	AI (dependencies): Sibling @teambit/* package from the same monorepo; unvetted status is a registry coverage gap, not a risk.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/legacy.constants	AI (dependencies): Sibling @teambit/* package from the same monorepo.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/legacy.scope-api	AI (dependencies): Sibling @teambit/* package from the same monorepo.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/component.sources	AI (dependencies): Sibling @teambit/* package from the same monorepo.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/mcp.mcp-config-writer	AI (dependencies): Sibling @teambit/* package from the same monorepo.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/toolbox.string.random	AI (dependencies): Sibling @teambit/* package from the same monorepo.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/toolbox.fs.is-dir-empty	AI (dependencies): Sibling @teambit/* package from the same monorepo.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/scope.modules.find-scope-path	AI (dependencies): Sibling @teambit/* package from the same monorepo.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/workspace.modules.workspace-locator	AI (dependencies): Sibling @teambit/* package from the same monorepo.	ai	2026/04/29
npm-metadata	no-description	AI (npm-metadata): Bit ecosystem packages consistently omit npm descriptions; not a malware indicator here.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/legacy.consumer	AI (dependencies): Sibling @teambit/* package from the same monorepo.	ai	2026/04/29

Versions (showing 51 of 114)

View all versions

Version	Deps	Published
0.0.708	23 / 3	2026-05-20
0.0.706	23 / 3	2026-05-19
0.0.705	23 / 3	2026-05-19
0.0.704	23 / 3	2026-05-18
0.0.703	23 / 3	2026-05-18
0.0.702	23 / 3	2026-05-15
0.0.700	23 / 3	2026-05-14
0.0.699	23 / 3	2026-05-13
0.0.696	23 / 3	2026-05-12
0.0.695	23 / 3	2026-05-12
0.0.692	23 / 3	2026-05-11
0.0.689	23 / 3	2026-05-08
0.0.688	23 / 3	2026-05-07
0.0.687	23 / 3	2026-05-07
0.0.686	23 / 3	2026-05-05
0.0.685	23 / 3	2026-04-30
0.0.684	23 / 3	2026-04-30
0.0.683	23 / 3	2026-04-29
0.0.682	23 / 3	2026-04-29
0.0.681	23 / 3	2026-04-28
0.0.652	23 / 3	2026-04-08
0.0.638	23 / 3	2026-03-30
0.0.637	23 / 3	2026-03-27
0.0.635	23 / 3	2026-03-26
0.0.634	23 / 3	2026-03-26
0.0.633	23 / 3	2026-03-25
0.0.631	23 / 3	2026-03-25
0.0.630	23 / 3	2026-03-25
0.0.628	23 / 3	2026-03-20
0.0.627	23 / 3	2026-03-20
0.0.626	23 / 3	2026-03-19
0.0.624	23 / 3	2026-03-18
0.0.623	23 / 3	2026-03-18
0.0.620	23 / 3	2026-03-17
0.0.619	23 / 3	2026-03-17
0.0.618	23 / 3	2026-03-17
0.0.616	23 / 3	2026-03-10
0.0.615	23 / 3	2026-03-10
0.0.613	23 / 3	2026-03-06
0.0.612	23 / 3	2026-03-05
0.0.611	23 / 3	2026-03-05
0.0.610	23 / 3	2026-03-03
0.0.609	23 / 3	2026-03-03
0.0.608	23 / 3	2026-03-02
0.0.606	23 / 3	2026-02-27
0.0.605	23 / 3	2026-02-27
0.0.604	23 / 3	2026-02-27
0.0.602	23 / 3	2026-02-24
0.0.601	23 / 3	2026-02-23
0.0.599	23 / 3	2026-02-19
0.0.598	23 / 3	2026-02-17

v0.0.708

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.706

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.705

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.704

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.703

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.702

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.700

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.699

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.696

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.695

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.692

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.689

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.688

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.687

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.686

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.685

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.684

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.683

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.682

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.637

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.635

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.634

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.633

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.631

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.630

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.628

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.627

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.626

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.624

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.623

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.620

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.619

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.618

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.616

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.615

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.613

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.612

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.611

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.610

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.609

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.608

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.606

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.605

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.604

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.602

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.601

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.599

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.598

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.