@teambit/mocha
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@teambit/component.sources | AI (dependencies): Same @teambit org scope; consistent intra-org dependency pattern across all versions of this package. | ai | |
| phantom-deps | phantom-dep:@teambit/component.sources | AI (phantom-deps): Same-org dep within teambit scope; phantom-dep heuristic false positive for this package family. | ai | |
| dependencies | unvetted-dep:@teambit/defender.mocha-tester | AI (dependencies): First-party teambit dependency; consistent with this package's role as a mocha test runner aspect. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Teambit component packages routinely omit descriptions; stable pattern across 1773 versions. | ai | |
| provenance | no-provenance | AI (provenance): No provenance is consistent across all @teambit/* component releases; not a risk indicator here. | ai |
Versions (showing 51 of 80)
| Version | Deps | Published |
|---|---|---|
| 1.0.845 | 5 / 2 | |
| 1.0.844 | 5 / 2 | |
| 1.0.843 | 5 / 2 | |
| 1.0.842 | 5 / 2 | |
| 1.0.841 | 5 / 2 | |
| 1.0.840 | 5 / 2 | |
| 1.0.839 | 5 / 2 | |
| 1.0.838 | 5 / 2 | |
| 1.0.837 | 5 / 2 | |
| 1.0.836 | 5 / 2 | |
| 1.0.835 | 5 / 2 | |
| 1.0.833 | 5 / 2 | |
| 1.0.832 | 5 / 2 | |
| 1.0.831 | 5 / 2 | |
| 1.0.830 | 5 / 2 | |
| 1.0.829 | 5 / 2 | |
| 1.0.828 | 5 / 2 | |
| 1.0.827 | 5 / 2 | |
| 1.0.825 | 5 / 2 | |
| 1.0.824 | 5 / 2 | |
| 1.0.822 | 5 / 2 | |
| 1.0.819 | 5 / 2 | |
| 1.0.817 | 5 / 2 | |
| 1.0.815 | 5 / 2 | |
| 1.0.813 | 5 / 2 | |
| 1.0.812 | 5 / 2 | |
| 1.0.808 | 5 / 2 | |
| 1.0.806 | 5 / 2 | |
| 1.0.805 | 5 / 2 | |
| 1.0.801 | 5 / 2 | |
| 1.0.797 | 10 / 3 | |
| 1.0.793 | 10 / 3 | |
| 1.0.791 | 10 / 3 | |
| 1.0.790 | 10 / 3 | |
| 1.0.780 | 10 / 3 | |
| 1.0.769 | 10 / 3 | |
| 1.0.768 | 10 / 3 | |
| 1.0.763 | 10 / 3 | |
| 1.0.762 | 10 / 3 | |
| 1.0.761 | 10 / 3 | |
| 1.0.746 | 10 / 3 | |
| 1.0.731 | 10 / 3 | |
| 1.0.726 | 10 / 3 | |
| 1.0.724 | 10 / 3 | |
| 1.0.723 | 10 / 3 | |
| 1.0.722 | 10 / 3 | |
| 1.0.718 | 10 / 3 | |
| 1.0.716 | 10 / 3 | |
| 1.0.715 | 10 / 3 | |
| 1.0.707 | 10 / 3 | |
| 1.0.705 | 10 / 3 |
v1.0.845
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.844
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.843
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.842
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.841
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.840
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.839
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.824
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.822
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.819
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.817
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.815
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.813
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.812
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.808
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.806
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.805
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.801
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.797
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.793
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.791
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.790
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.780
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.769
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.768
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.763
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.762
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.761
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.746
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.731
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.726
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.724
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.723
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.722
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.718
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.716
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.715
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.707
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.705
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.