@teambit/mocha
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@teambit/component.sources | AI (dependencies): Same @teambit org scope; consistent intra-org dependency pattern across all versions of this package. | ai | |
| phantom-deps | phantom-dep:@teambit/component.sources | AI (phantom-deps): Same-org dep within teambit scope; phantom-dep heuristic false positive for this package family. | ai | |
| dependencies | unvetted-dep:@teambit/defender.mocha-tester | AI (dependencies): First-party teambit dependency; consistent with this package's role as a mocha test runner aspect. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Teambit component packages routinely omit descriptions; stable pattern across 1773 versions. | ai | |
| provenance | no-provenance | AI (provenance): No provenance is consistent across all @teambit/* component releases; not a risk indicator here. | ai |
Versions (showing 80 of 80)
| Version | Deps | Published |
|---|---|---|
| 1.0.845 | 5 / 2 | |
| 1.0.844 | 5 / 2 | |
| 1.0.843 | 5 / 2 | |
| 1.0.842 | 5 / 2 | |
| 1.0.841 | 5 / 2 | |
| 1.0.840 | 5 / 2 | |
| 1.0.839 | 5 / 2 | |
| 1.0.838 | 5 / 2 | |
| 1.0.837 | 5 / 2 | |
| 1.0.836 | 5 / 2 | |
| 1.0.835 | 5 / 2 | |
| 1.0.833 | 5 / 2 | |
| 1.0.832 | 5 / 2 | |
| 1.0.831 | 5 / 2 | |
| 1.0.830 | 5 / 2 | |
| 1.0.829 | 5 / 2 | |
| 1.0.828 | 5 / 2 | |
| 1.0.827 | 5 / 2 | |
| 1.0.825 | 5 / 2 | |
| 1.0.824 | 5 / 2 | |
| 1.0.822 | 5 / 2 | |
| 1.0.819 | 5 / 2 | |
| 1.0.817 | 5 / 2 | |
| 1.0.815 | 5 / 2 | |
| 1.0.813 | 5 / 2 | |
| 1.0.812 | 5 / 2 | |
| 1.0.808 | 5 / 2 | |
| 1.0.806 | 5 / 2 | |
| 1.0.805 | 5 / 2 | |
| 1.0.801 | 5 / 2 | |
| 1.0.797 | 10 / 3 | |
| 1.0.793 | 10 / 3 | |
| 1.0.791 | 10 / 3 | |
| 1.0.790 | 10 / 3 | |
| 1.0.780 | 10 / 3 | |
| 1.0.769 | 10 / 3 | |
| 1.0.768 | 10 / 3 | |
| 1.0.763 | 10 / 3 | |
| 1.0.762 | 10 / 3 | |
| 1.0.761 | 10 / 3 | |
| 1.0.746 | 10 / 3 | |
| 1.0.731 | 10 / 3 | |
| 1.0.726 | 10 / 3 | |
| 1.0.724 | 10 / 3 | |
| 1.0.723 | 10 / 3 | |
| 1.0.722 | 10 / 3 | |
| 1.0.718 | 10 / 3 | |
| 1.0.716 | 10 / 3 | |
| 1.0.715 | 10 / 3 | |
| 1.0.707 | 10 / 3 | |
| 1.0.705 | 10 / 3 | |
| 1.0.699 | 10 / 3 | |
| 1.0.698 | 10 / 3 | |
| 1.0.693 | 10 / 3 | |
| 1.0.689 | 10 / 3 | |
| 1.0.686 | 10 / 3 | |
| 1.0.685 | 10 / 3 | |
| 1.0.684 | 10 / 3 | |
| 1.0.683 | 10 / 3 | |
| 1.0.677 | 10 / 3 | |
| 1.0.674 | 10 / 3 | |
| 1.0.673 | 10 / 3 | |
| 1.0.671 | 10 / 3 | |
| 1.0.664 | 10 / 3 | |
| 1.0.662 | 10 / 3 | |
| 1.0.660 | 10 / 3 | |
| 1.0.656 | 10 / 3 | |
| 1.0.653 | 10 / 3 | |
| 1.0.649 | 10 / 3 | |
| 1.0.642 | 10 / 3 | |
| 1.0.640 | 10 / 3 | |
| 1.0.639 | 10 / 3 | |
| 1.0.631 | 10 / 3 | |
| 1.0.629 | 10 / 3 | |
| 1.0.628 | 10 / 3 | |
| 1.0.626 | 10 / 3 | |
| 1.0.624 | 10 / 3 | |
| 1.0.612 | 10 / 3 | |
| 1.0.611 | 10 / 3 | |
| 1.0.610 | 10 / 3 |
v1.0.845
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.844
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.843
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.842
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.841
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.840
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.839
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.824
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.822
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.819
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.817
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.815
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.813
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.812
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.808
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.806
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.805
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.801
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.797
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.793
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.791
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.790
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.780
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.769
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.768
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.763
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.762
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.761
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.746
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.731
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.726
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.724
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.723
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.722
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.718
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.716
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.715
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.707
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.705
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.699
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.698
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.693
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.689
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.686
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.685
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.684
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.683
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.677
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.674
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.673
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.671
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.664
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.662
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.660
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.656
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.653
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.649
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.642
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.640
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.639
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.631
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.629
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.628
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.626
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.624
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.612
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.611
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.610
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.