@teambit/logger
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| maintainer-change | maintainer-removed | AI (maintainer-change): teambit org regularly rotates accounts; publisher track record and package history confirm legitimate ownership. | ai | |
| dependencies | unvetted-dep:@teambit/cli | AI (dependencies): First-party @teambit sibling package from the same monorepo. | ai | |
| dependencies | unvetted-dep:@teambit/harmony | AI (dependencies): First-party @teambit sibling package from the same monorepo. | ai | |
| dependencies | unvetted-dep:@teambit/legacy.loader | AI (dependencies): First-party @teambit sibling package from the same monorepo. | ai | |
| dependencies | unvetted-dep:dreidels | AI (dependencies): Stable dependency of the teambit ecosystem; no malicious indicators. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Bit component packages commonly omit npm description; not a malware indicator here. | ai | |
| provenance | no-provenance | AI (provenance): Established package predating widespread provenance adoption; no risk signal. | ai | |
| dependencies | unvetted-dep:@teambit/legacy.logger | AI (dependencies): First-party @teambit sibling package from the same monorepo. | ai | |
Versions (showing 30 of 30)
| Version | Deps | Published |
|---|---|---|
| 0.0.1420 | 7 / 4 | |
| 0.0.1419 | 7 / 4 | |
| 0.0.1418 | 7 / 4 | |
| 0.0.1417 | 7 / 4 | |
| 0.0.1416 | 7 / 4 | |
| 0.0.1415 | 7 / 4 | |
| 0.0.1414 | 7 / 4 | |
| 0.0.1413 | 7 / 4 | |
| 0.0.1409 | 7 / 4 | |
| 0.0.1400 | 7 / 4 | |
| 0.0.1399 | 7 / 4 | |
| 0.0.1398 | 7 / 4 | |
| 0.0.1397 | 7 / 4 | |
| 0.0.1396 | 7 / 4 | |
| 0.0.1394 | 7 / 4 | |
| 0.0.1393 | 7 / 4 | |
| 0.0.1392 | 7 / 4 | |
| 0.0.1391 | 7 / 4 | |
| 0.0.1389 | 7 / 4 | |
| 0.0.1388 | 7 / 4 | |
| 0.0.1386 | 7 / 4 | |
| 0.0.1385 | 7 / 4 | |
| 0.0.1383 | 7 / 4 | |
| 0.0.1377 | 7 / 4 | |
| 0.0.1350 | 7 / 4 | |
| 0.0.1296 | 7 / 4 | |
| 0.0.1295 | 7 / 4 | |
| 0.0.1282 | 7 / 4 | |
| 0.0.1281 | 7 / 4 | |
| 0.0.1280 | 7 / 4 | |
v0.0.1420
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1419
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1418
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1417
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1416
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1415
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1414
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1399
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1398
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1397
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1396
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1394
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1393
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1392
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1391
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1389
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1388
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1386
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1385
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1383
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1377
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.1350
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1296
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1295
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.1282
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.1281
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.1280
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.