@teambit/host-initializer
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | no-provenance | AI (provenance): Established package; provenance is a best-practice recommendation, not a blocker for this mature project. | ai | |
| dependencies | unvetted-dep:@teambit/config | AI (dependencies): Sibling @teambit/* package from the same monorepo. | ai | |
| dependencies | unvetted-dep:@teambit/logger | AI (dependencies): Sibling @teambit/* package from the same monorepo. | ai | |
| dependencies | unvetted-dep:@teambit/harmony | AI (dependencies): Sibling @teambit/* package from the same monorepo. | ai | |
| dependencies | unvetted-dep:@teambit/objects | AI (dependencies): Sibling @teambit/* package from the same monorepo. | ai | |
| dependencies | unvetted-dep:@teambit/bit-error | AI (dependencies): Sibling @teambit/* package from the same monorepo. | ai | |
| dependencies | unvetted-dep:@teambit/config-store | AI (dependencies): Sibling @teambit/* package from the same monorepo. | ai | |
| dependencies | unvetted-dep:@teambit/legacy.scope | AI (dependencies): Sibling @teambit/* package from the same monorepo. | ai | |
| dependencies | unvetted-dep:@teambit/legacy.utils | AI (dependencies): Sibling @teambit/* package from the same monorepo. | ai | |
| dependencies | unvetted-dep:@teambit/legacy.bit-map | AI (dependencies): Sibling @teambit/* package from the same monorepo. | ai | |
| dependencies | unvetted-dep:@teambit/cli | AI (dependencies): Sibling @teambit/* package from the same monorepo; unvetted status is a registry coverage gap, not a risk. | ai | |
| dependencies | unvetted-dep:@teambit/legacy.constants | AI (dependencies): Sibling @teambit/* package from the same monorepo. | ai | |
| dependencies | unvetted-dep:@teambit/legacy.scope-api | AI (dependencies): Sibling @teambit/* package from the same monorepo. | ai | |
| dependencies | unvetted-dep:@teambit/component.sources | AI (dependencies): Sibling @teambit/* package from the same monorepo. | ai | |
| dependencies | unvetted-dep:@teambit/mcp.mcp-config-writer | AI (dependencies): Sibling @teambit/* package from the same monorepo. | ai | |
| dependencies | unvetted-dep:@teambit/toolbox.string.random | AI (dependencies): Sibling @teambit/* package from the same monorepo. | ai | |
| dependencies | unvetted-dep:@teambit/toolbox.fs.is-dir-empty | AI (dependencies): Sibling @teambit/* package from the same monorepo. | ai | |
| dependencies | unvetted-dep:@teambit/scope.modules.find-scope-path | AI (dependencies): Sibling @teambit/* package from the same monorepo. | ai | |
| dependencies | unvetted-dep:@teambit/workspace.modules.workspace-locator | AI (dependencies): Sibling @teambit/* package from the same monorepo. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Bit ecosystem packages consistently omit npm descriptions; not a malware indicator here. | ai | |
| dependencies | unvetted-dep:@teambit/legacy.consumer | AI (dependencies): Sibling @teambit/* package from the same monorepo. | ai |
Versions (showing 100 of 114)
| Version | Deps | Published |
|---|---|---|
| 0.0.708 | 23 / 3 | |
| 0.0.706 | 23 / 3 | |
| 0.0.705 | 23 / 3 | |
| 0.0.704 | 23 / 3 | |
| 0.0.703 | 23 / 3 | |
| 0.0.702 | 23 / 3 | |
| 0.0.700 | 23 / 3 | |
| 0.0.699 | 23 / 3 | |
| 0.0.696 | 23 / 3 | |
| 0.0.695 | 23 / 3 | |
| 0.0.692 | 23 / 3 | |
| 0.0.689 | 23 / 3 | |
| 0.0.688 | 23 / 3 | |
| 0.0.687 | 23 / 3 | |
| 0.0.686 | 23 / 3 | |
| 0.0.685 | 23 / 3 | |
| 0.0.684 | 23 / 3 | |
| 0.0.683 | 23 / 3 | |
| 0.0.682 | 23 / 3 | |
| 0.0.681 | 23 / 3 | |
| 0.0.652 | 23 / 3 | |
| 0.0.638 | 23 / 3 | |
| 0.0.637 | 23 / 3 | |
| 0.0.635 | 23 / 3 | |
| 0.0.634 | 23 / 3 | |
| 0.0.633 | 23 / 3 | |
| 0.0.631 | 23 / 3 | |
| 0.0.630 | 23 / 3 | |
| 0.0.628 | 23 / 3 | |
| 0.0.627 | 23 / 3 | |
| 0.0.626 | 23 / 3 | |
| 0.0.624 | 23 / 3 | |
| 0.0.623 | 23 / 3 | |
| 0.0.620 | 23 / 3 | |
| 0.0.619 | 23 / 3 | |
| 0.0.618 | 23 / 3 | |
| 0.0.616 | 23 / 3 | |
| 0.0.615 | 23 / 3 | |
| 0.0.613 | 23 / 3 | |
| 0.0.612 | 23 / 3 | |
| 0.0.611 | 23 / 3 | |
| 0.0.610 | 23 / 3 | |
| 0.0.609 | 23 / 3 | |
| 0.0.608 | 23 / 3 | |
| 0.0.606 | 23 / 3 | |
| 0.0.605 | 23 / 3 | |
| 0.0.604 | 23 / 3 | |
| 0.0.602 | 23 / 3 | |
| 0.0.601 | 23 / 3 | |
| 0.0.599 | 23 / 3 | |
| 0.0.598 | 23 / 3 | |
| 0.0.597 | 23 / 3 | |
| 0.0.595 | 23 / 3 | |
| 0.0.594 | 23 / 3 | |
| 0.0.593 | 23 / 3 | |
| 0.0.592 | 23 / 3 | |
| 0.0.591 | 23 / 3 | |
| 0.0.590 | 23 / 3 | |
| 0.0.589 | 23 / 3 | |
| 0.0.588 | 23 / 3 | |
| 0.0.587 | 23 / 3 | |
| 0.0.586 | 23 / 3 | |
| 0.0.585 | 23 / 3 | |
| 0.0.583 | 23 / 3 | |
| 0.0.582 | 23 / 3 | |
| 0.0.580 | 23 / 3 | |
| 0.0.579 | 23 / 3 | |
| 0.0.578 | 23 / 3 | |
| 0.0.576 | 23 / 3 | |
| 0.0.575 | 23 / 3 | |
| 0.0.573 | 23 / 3 | |
| 0.0.572 | 23 / 3 | |
| 0.0.571 | 23 / 3 | |
| 0.0.569 | 23 / 3 | |
| 0.0.568 | 23 / 3 | |
| 0.0.566 | 23 / 3 | |
| 0.0.565 | 23 / 3 | |
| 0.0.563 | 23 / 3 | |
| 0.0.562 | 23 / 3 | |
| 0.0.561 | 23 / 3 | |
| 0.0.559 | 23 / 3 | |
| 0.0.558 | 23 / 3 | |
| 0.0.557 | 23 / 3 | |
| 0.0.556 | 23 / 3 | |
| 0.0.555 | 23 / 3 | |
| 0.0.554 | 23 / 3 | |
| 0.0.553 | 23 / 3 | |
| 0.0.551 | 23 / 3 | |
| 0.0.549 | 23 / 3 | |
| 0.0.547 | 23 / 3 | |
| 0.0.546 | 23 / 3 | |
| 0.0.545 | 23 / 3 | |
| 0.0.543 | 23 / 3 | |
| 0.0.541 | 23 / 3 | |
| 0.0.539 | 23 / 3 | |
| 0.0.538 | 23 / 3 | |
| 0.0.537 | 23 / 3 | |
| 0.0.536 | 23 / 3 | |
| 0.0.534 | 23 / 3 | |
| 0.0.533 | 23 / 3 |
v0.0.708
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.706
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.705
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.704
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.703
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.702
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.700
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.699
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.696
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.695
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.692
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.689
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.688
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.687
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.686
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.685
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.684
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.683
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.682
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.637
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.635
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.634
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.633
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.631
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.630
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.628
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.627
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.626
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.624
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.623
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.620
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.619
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.618
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.616
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.615
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.613
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.612
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.611
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.610
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.609
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.608
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.606
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.605
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.604
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.602
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.601
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.599
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.598
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.597
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.595
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.594
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.593
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.592
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.591
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.590
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.589
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.588
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.587
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.586
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.585
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.583
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.582
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.580
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.579
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.578
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.576
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.575
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.573
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.572
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.571
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.569
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.568
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.566
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.565
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.563
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.562
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.561
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.559
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.558
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.557
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.556
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.555
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.554
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.553
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.551
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.549
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.547
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.546
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.545
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.543
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.541
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.539
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.538
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.537
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.536
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.534
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.533
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.