@teambit/new-component-helper
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| npm-metadata | no-description | AI (npm-metadata): Scoped @teambit package; missing description is stable pattern for internal components. | ai | |
| provenance | no-provenance | AI (provenance): Established publisher; provenance absence is not a blocker for this package's context. | ai | |
| dependencies | unvetted-dep:@teambit/harmony | AI (dependencies): Sibling @teambit monorepo package; unvetted status is a registry gap, not a security concern. | ai | |
| dependencies | unvetted-dep:@teambit/tracker | AI (dependencies): Sibling @teambit monorepo package; unvetted status is a registry gap, not a security concern. | ai | |
| dependencies | unvetted-dep:@teambit/bit-error | AI (dependencies): Sibling @teambit monorepo package; unvetted status is a registry gap, not a security concern. | ai | |
| dependencies | unvetted-dep:@teambit/component | AI (dependencies): Sibling @teambit monorepo package; unvetted status is a registry gap, not a security concern. | ai | |
| dependencies | unvetted-dep:@teambit/workspace | AI (dependencies): Sibling @teambit monorepo package; unvetted status is a registry gap, not a security concern. | ai | |
| dependencies | unvetted-dep:@teambit/component-id | AI (dependencies): Sibling @teambit monorepo package; unvetted status is a registry gap, not a security concern. | ai | |
| dependencies | unvetted-dep:@teambit/cli | AI (dependencies): Sibling @teambit monorepo package; unvetted status is a registry gap, not a security concern. | ai | |
| dependencies | unvetted-dep:@teambit/component-writer | AI (dependencies): Sibling @teambit monorepo package; unvetted status is a registry gap, not a security concern. | ai | |
| dependencies | unvetted-dep:@teambit/legacy.constants | AI (dependencies): Sibling @teambit monorepo package; unvetted status is a registry gap, not a security concern. | ai | |
| dependencies | unvetted-dep:@teambit/component.sources | AI (dependencies): Sibling @teambit monorepo package; unvetted status is a registry gap, not a security concern. | ai | |
| dependencies | unvetted-dep:@teambit/toolbox.path.path | AI (dependencies): Sibling @teambit monorepo package; unvetted status is a registry gap, not a security concern. | ai | |
| dependencies | unvetted-dep:@teambit/toolbox.fs.is-dir-empty | AI (dependencies): Sibling @teambit monorepo package; unvetted status is a registry gap, not a security concern. | ai | |
| dependencies | unvetted-dep:@teambit/legacy-bit-id | AI (dependencies): Sibling @teambit monorepo package; unvetted status is a registry gap, not a security concern. | ai | |
| dependencies | unvetted-dep:@teambit/envs | AI (dependencies): Sibling @teambit monorepo package; unvetted status is a registry gap, not a security concern. | ai |
Versions (showing 51 of 98)
| Version | Deps | Published |
|---|---|---|
| 1.0.995 | 16 / 3 | |
| 1.0.993 | 16 / 3 | |
| 1.0.992 | 16 / 3 | |
| 1.0.991 | 16 / 3 | |
| 1.0.990 | 16 / 3 | |
| 1.0.989 | 16 / 3 | |
| 1.0.987 | 16 / 3 | |
| 1.0.986 | 16 / 3 | |
| 1.0.985 | 16 / 3 | |
| 1.0.983 | 16 / 3 | |
| 1.0.982 | 16 / 3 | |
| 1.0.979 | 16 / 3 | |
| 1.0.977 | 16 / 3 | |
| 1.0.976 | 16 / 3 | |
| 1.0.975 | 16 / 3 | |
| 1.0.974 | 16 / 3 | |
| 1.0.973 | 16 / 3 | |
| 1.0.972 | 16 / 3 | |
| 1.0.971 | 16 / 3 | |
| 1.0.970 | 16 / 3 | |
| 1.0.969 | 16 / 3 | |
| 1.0.968 | 16 / 3 | |
| 1.0.925 | 16 / 3 | |
| 1.0.912 | 16 / 3 | |
| 1.0.910 | 16 / 3 | |
| 1.0.909 | 16 / 3 | |
| 1.0.906 | 16 / 3 | |
| 1.0.904 | 16 / 3 | |
| 1.0.901 | 16 / 3 | |
| 1.0.900 | 16 / 3 | |
| 1.0.898 | 16 / 3 | |
| 1.0.897 | 16 / 3 | |
| 1.0.894 | 16 / 3 | |
| 1.0.893 | 16 / 3 | |
| 1.0.892 | 16 / 3 | |
| 1.0.889 | 16 / 3 | |
| 1.0.887 | 16 / 3 | |
| 1.0.886 | 16 / 3 | |
| 1.0.884 | 16 / 3 | |
| 1.0.880 | 16 / 3 | |
| 1.0.879 | 16 / 3 | |
| 1.0.878 | 16 / 3 | |
| 1.0.874 | 16 / 3 | |
| 1.0.873 | 16 / 3 | |
| 1.0.872 | 16 / 3 | |
| 1.0.871 | 16 / 3 | |
| 1.0.869 | 16 / 3 | |
| 1.0.867 | 16 / 3 | |
| 1.0.866 | 16 / 3 | |
| 1.0.865 | 16 / 3 | |
| 1.0.863 | 16 / 3 |
v1.0.995
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.993
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.992
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.991
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.990
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.989
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.987
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.986
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.985
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.983
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.982
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.979
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.977
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.976
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.975
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.974
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.973
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.972
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.971
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.970
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.969
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.912
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.910
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.909
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.906
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.904
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.901
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.900
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.898
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.897
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.894
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.893
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.892
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.889
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.887
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.886
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.884
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.880
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.879
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.878
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.874
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.873
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.872
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.871
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.869
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.867
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.866
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.865
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.863
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.