@teambit/new-component-helper
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| npm-metadata | no-description | AI (npm-metadata): Scoped @teambit package; missing description is stable pattern for internal components. | ai | |
| provenance | no-provenance | AI (provenance): Established publisher; provenance absence is not a blocker for this package's context. | ai | |
| dependencies | unvetted-dep:@teambit/harmony | AI (dependencies): Sibling @teambit monorepo package; unvetted status is a registry gap, not a security concern. | ai | |
| dependencies | unvetted-dep:@teambit/tracker | AI (dependencies): Sibling @teambit monorepo package; unvetted status is a registry gap, not a security concern. | ai | |
| dependencies | unvetted-dep:@teambit/bit-error | AI (dependencies): Sibling @teambit monorepo package; unvetted status is a registry gap, not a security concern. | ai | |
| dependencies | unvetted-dep:@teambit/component | AI (dependencies): Sibling @teambit monorepo package; unvetted status is a registry gap, not a security concern. | ai | |
| dependencies | unvetted-dep:@teambit/workspace | AI (dependencies): Sibling @teambit monorepo package; unvetted status is a registry gap, not a security concern. | ai | |
| dependencies | unvetted-dep:@teambit/component-id | AI (dependencies): Sibling @teambit monorepo package; unvetted status is a registry gap, not a security concern. | ai | |
| dependencies | unvetted-dep:@teambit/cli | AI (dependencies): Sibling @teambit monorepo package; unvetted status is a registry gap, not a security concern. | ai | |
| dependencies | unvetted-dep:@teambit/component-writer | AI (dependencies): Sibling @teambit monorepo package; unvetted status is a registry gap, not a security concern. | ai | |
| dependencies | unvetted-dep:@teambit/legacy.constants | AI (dependencies): Sibling @teambit monorepo package; unvetted status is a registry gap, not a security concern. | ai | |
| dependencies | unvetted-dep:@teambit/component.sources | AI (dependencies): Sibling @teambit monorepo package; unvetted status is a registry gap, not a security concern. | ai | |
| dependencies | unvetted-dep:@teambit/toolbox.path.path | AI (dependencies): Sibling @teambit monorepo package; unvetted status is a registry gap, not a security concern. | ai | |
| dependencies | unvetted-dep:@teambit/toolbox.fs.is-dir-empty | AI (dependencies): Sibling @teambit monorepo package; unvetted status is a registry gap, not a security concern. | ai | |
| dependencies | unvetted-dep:@teambit/legacy-bit-id | AI (dependencies): Sibling @teambit monorepo package; unvetted status is a registry gap, not a security concern. | ai | |
| dependencies | unvetted-dep:@teambit/envs | AI (dependencies): Sibling @teambit monorepo package; unvetted status is a registry gap, not a security concern. | ai |
Versions (showing 98 of 98)
| Version | Deps | Published |
|---|---|---|
| 1.0.995 | 16 / 3 | |
| 1.0.993 | 16 / 3 | |
| 1.0.992 | 16 / 3 | |
| 1.0.991 | 16 / 3 | |
| 1.0.990 | 16 / 3 | |
| 1.0.989 | 16 / 3 | |
| 1.0.987 | 16 / 3 | |
| 1.0.986 | 16 / 3 | |
| 1.0.985 | 16 / 3 | |
| 1.0.983 | 16 / 3 | |
| 1.0.982 | 16 / 3 | |
| 1.0.979 | 16 / 3 | |
| 1.0.977 | 16 / 3 | |
| 1.0.976 | 16 / 3 | |
| 1.0.975 | 16 / 3 | |
| 1.0.974 | 16 / 3 | |
| 1.0.973 | 16 / 3 | |
| 1.0.972 | 16 / 3 | |
| 1.0.971 | 16 / 3 | |
| 1.0.970 | 16 / 3 | |
| 1.0.969 | 16 / 3 | |
| 1.0.968 | 16 / 3 | |
| 1.0.925 | 16 / 3 | |
| 1.0.912 | 16 / 3 | |
| 1.0.910 | 16 / 3 | |
| 1.0.909 | 16 / 3 | |
| 1.0.906 | 16 / 3 | |
| 1.0.904 | 16 / 3 | |
| 1.0.901 | 16 / 3 | |
| 1.0.900 | 16 / 3 | |
| 1.0.898 | 16 / 3 | |
| 1.0.897 | 16 / 3 | |
| 1.0.894 | 16 / 3 | |
| 1.0.893 | 16 / 3 | |
| 1.0.892 | 16 / 3 | |
| 1.0.889 | 16 / 3 | |
| 1.0.887 | 16 / 3 | |
| 1.0.886 | 16 / 3 | |
| 1.0.884 | 16 / 3 | |
| 1.0.880 | 16 / 3 | |
| 1.0.879 | 16 / 3 | |
| 1.0.878 | 16 / 3 | |
| 1.0.874 | 16 / 3 | |
| 1.0.873 | 16 / 3 | |
| 1.0.872 | 16 / 3 | |
| 1.0.871 | 16 / 3 | |
| 1.0.869 | 16 / 3 | |
| 1.0.867 | 16 / 3 | |
| 1.0.866 | 16 / 3 | |
| 1.0.865 | 16 / 3 | |
| 1.0.863 | 16 / 3 | |
| 1.0.862 | 16 / 3 | |
| 1.0.860 | 16 / 3 | |
| 1.0.858 | 16 / 3 | |
| 1.0.856 | 16 / 3 | |
| 1.0.855 | 16 / 3 | |
| 1.0.853 | 16 / 3 | |
| 1.0.852 | 16 / 3 | |
| 1.0.850 | 16 / 3 | |
| 1.0.849 | 16 / 3 | |
| 1.0.848 | 16 / 3 | |
| 1.0.847 | 16 / 3 | |
| 1.0.846 | 16 / 3 | |
| 1.0.845 | 16 / 3 | |
| 1.0.844 | 16 / 3 | |
| 1.0.842 | 16 / 3 | |
| 1.0.840 | 16 / 3 | |
| 1.0.839 | 16 / 3 | |
| 1.0.838 | 16 / 3 | |
| 1.0.837 | 16 / 3 | |
| 1.0.834 | 16 / 3 | |
| 1.0.833 | 16 / 3 | |
| 1.0.832 | 16 / 3 | |
| 1.0.830 | 16 / 3 | |
| 1.0.829 | 16 / 3 | |
| 1.0.827 | 16 / 3 | |
| 1.0.826 | 16 / 3 | |
| 1.0.825 | 16 / 3 | |
| 1.0.823 | 16 / 3 | |
| 1.0.822 | 16 / 3 | |
| 1.0.821 | 16 / 3 | |
| 1.0.819 | 16 / 3 | |
| 1.0.817 | 16 / 3 | |
| 1.0.814 | 16 / 3 | |
| 1.0.813 | 16 / 3 | |
| 1.0.812 | 16 / 3 | |
| 1.0.811 | 16 / 3 | |
| 1.0.809 | 16 / 3 | |
| 1.0.807 | 16 / 3 | |
| 1.0.806 | 16 / 3 | |
| 1.0.805 | 16 / 3 | |
| 1.0.804 | 16 / 3 | |
| 1.0.803 | 16 / 3 | |
| 1.0.798 | 16 / 3 | |
| 1.0.797 | 16 / 3 | |
| 1.0.612 | 17 / 3 | |
| 1.0.611 | 17 / 3 | |
| 1.0.610 | 17 / 3 |
v1.0.995
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.993
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.992
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.991
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.990
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.989
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.987
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.986
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.985
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.983
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.982
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.979
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.977
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.976
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.975
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.974
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.973
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.972
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.971
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.970
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.969
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.912
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.910
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.909
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.906
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.904
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.901
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.900
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.898
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.897
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.894
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.893
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.892
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.889
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.887
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.886
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.884
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.880
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.879
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.878
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.874
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.873
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.872
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.871
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.869
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.867
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.866
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.865
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.863
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.862
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.860
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.858
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.856
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.855
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.853
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.852
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.850
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.849
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.848
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.847
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.846
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.845
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.844
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.842
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.840
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.839
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.838
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.837
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.834
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.833
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.832
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.830
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.829
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.827
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.826
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.825
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.823
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.822
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.821
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.819
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.817
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.814
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.813
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.812
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.811
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.809
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.807
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.806
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.805
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.804
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.803
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.798
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.797
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.612
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.611
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.610
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.