@teambit/jest — Greenflagged

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

teambit-ownershohamgiladdavidfirstranm8guysaaritaymendelerezbitjoshk2redigmayona007

Keywords

bitbit-aspectbit-core-aspectcomponentscollaborationweb

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
npm-metadata	no-description	AI (npm-metadata): Established package with clear keywords and repo; missing description is stable metadata issue.	ai	2026/04/30
provenance	no-provenance	AI (provenance): Low-severity metadata gap; package has legitimate GitHub repo and long history.	ai	2026/04/30
phantom-deps	phantom-dep:jest-watcher	AI (phantom-deps): jest-watcher loaded by jest framework convention; stable for this package.	ai	2026/04/30
phantom-deps	phantom-dep:@jest/test-result	AI (phantom-deps): Framework-scoped package loaded by convention; stable for this package.	ai	2026/04/30
dependencies	unvetted-dep:@teambit/worker	AI (dependencies): Sibling @teambit/* monorepo dep; expected unvetted status for this ecosystem.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/harmony	AI (dependencies): Sibling @teambit/* monorepo dep; expected unvetted status for this ecosystem.	ai	2026/04/29
typosquat	typosquat.levenshtein:next	AI (typosquat): @teambit/jest is the official Jest integration for Bit; no relation to 'next', stable false positive.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/tests-results	AI (dependencies): Sibling @teambit/* monorepo dep; expected unvetted status for this ecosystem.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/legacy.constants	AI (dependencies): Sibling @teambit/* monorepo dep; expected unvetted status for this ecosystem.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/component	AI (dependencies): Sibling @teambit/* monorepo dep; expected unvetted status for this ecosystem.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/cli	AI (dependencies): Sibling @teambit/* monorepo dep; expected unvetted status for this ecosystem.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/logger	AI (dependencies): Sibling @teambit/* monorepo dep; expected unvetted status for this ecosystem.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/tester	AI (dependencies): Sibling @teambit/* monorepo dep; expected unvetted status for this ecosystem.	ai	2026/04/29

Versions (showing 5 of 5)

Version	Deps	Published
1.0.990	18 / 6	2026-05-18
1.0.972	18 / 6	2026-04-30
1.0.971	18 / 6	2026-04-30
1.0.970	18 / 6	2026-04-29
1.0.968	18 / 6	2026-04-28

v1.0.990

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.972

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.971

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.970

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.