@teambit/lanes
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@teambit/legacy.cli.prompts | AI (dependencies): Internal @teambit ecosystem dependency; consistent with this package's established dependency pattern. | ai | |
| publish-pattern | rapid-publish | AI (publish-pattern): teambit publishes many packages simultaneously via automated CI; rapid publish is a stable pattern for this org. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Stable false positive; teambit core aspect packages consistently omit descriptions across all versions. | ai | |
| provenance | no-provenance | AI (provenance): teambit publishes without Sigstore provenance; consistent across all 2778 versions. | ai | |
| dependencies | unvetted-dep:@teambit/legacy.constants | AI (dependencies): Internal @teambit monorepo sub-package; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@teambit/scope.ui.scope-icon | AI (dependencies): Internal @teambit monorepo sub-package; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@teambit/legacy.component-diff | AI (dependencies): Internal @teambit monorepo sub-package; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@teambit/legacy.component-list | AI (dependencies): Internal @teambit monorepo sub-package; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@teambit/lanes.ui.lane-overview | AI (dependencies): Internal @teambit monorepo sub-package; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@teambit/component.snap-distance | AI (dependencies): Internal @teambit monorepo sub-package; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@teambit/lanes.entities.lane-diff | AI (dependencies): Internal @teambit monorepo sub-package; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@teambit/lanes.modules.create-lane | AI (dependencies): Internal @teambit monorepo sub-package; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@teambit/legacy.scope | AI (dependencies): Internal @teambit monorepo sub-package; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@teambit/harmony.modules.concurrency | AI (dependencies): Internal @teambit monorepo sub-package; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@teambit/lanes.ui.compare.lane-compare | AI (dependencies): Internal @teambit monorepo sub-package; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@teambit/lanes.ui.menus.use-lanes-menu | AI (dependencies): Internal @teambit monorepo sub-package; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@teambit/component.modules.merge-helper | AI (dependencies): Internal @teambit monorepo sub-package; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@teambit/lanes.ui.navigation.lane-switcher | AI (dependencies): Internal @teambit monorepo sub-package; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@teambit/lanes.ui.compare.lane-compare-page | AI (dependencies): Internal @teambit monorepo sub-package; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@teambit/lanes.ui.menus.lanes-overview-menu | AI (dependencies): Internal @teambit monorepo sub-package; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@teambit/git.modules.git-executable | AI (dependencies): Internal @teambit monorepo sub-package; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@teambit/scope.network | AI (dependencies): Internal @teambit monorepo sub-package; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@teambit/scope.remotes | AI (dependencies): Internal @teambit monorepo sub-package; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@teambit/legacy.consumer | AI (dependencies): Internal @teambit monorepo sub-package; stable pattern across all versions. | ai |
Versions (showing 51 of 53)
| Version | Deps | Published |
|---|---|---|
| 1.0.1025 | 61 / 9 | |
| 1.0.1000 | 61 / 9 | |
| 1.0.999 | 61 / 9 | |
| 1.0.994 | 61 / 9 | |
| 1.0.993 | 61 / 9 | |
| 1.0.989 | 61 / 9 | |
| 1.0.988 | 61 / 9 | |
| 1.0.987 | 61 / 9 | |
| 1.0.986 | 61 / 9 | |
| 1.0.985 | 61 / 9 | |
| 1.0.984 | 61 / 9 | |
| 1.0.980 | 61 / 9 | |
| 1.0.970 | 61 / 9 | |
| 1.0.965 | 61 / 9 | |
| 1.0.964 | 61 / 9 | |
| 1.0.963 | 61 / 9 | |
| 1.0.962 | 61 / 9 | |
| 1.0.961 | 61 / 9 | |
| 1.0.959 | 61 / 9 | |
| 1.0.957 | 61 / 9 | |
| 1.0.955 | 61 / 9 | |
| 1.0.954 | 61 / 9 | |
| 1.0.953 | 61 / 9 | |
| 1.0.951 | 61 / 9 | |
| 1.0.950 | 61 / 9 | |
| 1.0.949 | 61 / 9 | |
| 1.0.948 | 61 / 9 | |
| 1.0.947 | 61 / 9 | |
| 1.0.945 | 61 / 9 | |
| 1.0.944 | 61 / 9 | |
| 1.0.943 | 61 / 9 | |
| 1.0.942 | 61 / 9 | |
| 1.0.941 | 61 / 9 | |
| 1.0.940 | 61 / 9 | |
| 1.0.939 | 61 / 9 | |
| 1.0.926 | 61 / 9 | |
| 1.0.911 | 61 / 9 | |
| 1.0.908 | 61 / 9 | |
| 1.0.884 | 61 / 9 | |
| 1.0.877 | 61 / 9 | |
| 1.0.874 | 61 / 9 | |
| 1.0.873 | 61 / 9 | |
| 1.0.871 | 61 / 9 | |
| 1.0.836 | 61 / 9 | |
| 1.0.696 | 62 / 9 | |
| 1.0.694 | 62 / 9 | |
| 1.0.669 | 61 / 9 | |
| 1.0.622 | 58 / 10 | |
| 1.0.618 | 58 / 10 | |
| 1.0.616 | 58 / 10 | |
| 1.0.614 | 58 / 10 |
v1.0.1025
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.1000
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.999
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.994
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.993
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.989
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.988
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.987
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.986
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.985
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.980
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.970
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.947
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.926
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.911
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.908
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.884
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.877
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.874
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.873
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.871
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.836
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.696
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.694
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.669
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.622
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.618
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.616
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.614
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.