@teambit/panels
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): davidfirst is a long-standing trusted publisher (178 approved, 0 rejected) within the teambit ecosystem. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Auto-generated @teambit component packages routinely omit descriptions; stable pattern across 1500+ versions. | ai | |
| provenance | no-provenance | AI (provenance): teambit publishes hundreds of packages without provenance; consistent across the ecosystem. | ai |
Versions (showing 51 of 145)
| Version | Deps | Published |
|---|---|---|
| 0.0.1336 | 4 / 4 | |
| 0.0.1335 | 4 / 4 | |
| 0.0.1334 | 4 / 4 | |
| 0.0.1333 | 4 / 4 | |
| 0.0.1332 | 4 / 4 | |
| 0.0.1331 | 4 / 4 | |
| 0.0.1330 | 4 / 4 | |
| 0.0.1329 | 4 / 4 | |
| 0.0.1328 | 4 / 4 | |
| 0.0.1327 | 4 / 4 | |
| 0.0.1326 | 4 / 4 | |
| 0.0.1325 | 4 / 4 | |
| 0.0.1324 | 4 / 4 | |
| 0.0.1323 | 4 / 4 | |
| 0.0.1322 | 4 / 4 | |
| 0.0.1321 | 4 / 4 | |
| 0.0.1320 | 4 / 4 | |
| 0.0.1319 | 4 / 4 | |
| 0.0.1318 | 4 / 4 | |
| 0.0.1317 | 4 / 4 | |
| 0.0.1316 | 4 / 4 | |
| 0.0.1315 | 4 / 4 | |
| 0.0.1314 | 4 / 4 | |
| 0.0.1313 | 4 / 4 | |
| 0.0.1312 | 4 / 4 | |
| 0.0.1311 | 4 / 4 | |
| 0.0.1310 | 4 / 4 | |
| 0.0.1309 | 4 / 4 | |
| 0.0.1308 | 4 / 4 | |
| 0.0.1307 | 4 / 4 | |
| 0.0.1306 | 4 / 4 | |
| 0.0.1305 | 4 / 4 | |
| 0.0.1304 | 4 / 4 | |
| 0.0.1303 | 4 / 4 | |
| 0.0.1302 | 4 / 4 | |
| 0.0.1301 | 4 / 4 | |
| 0.0.1300 | 4 / 4 | |
| 0.0.1299 | 4 / 4 | |
| 0.0.1298 | 4 / 4 | |
| 0.0.1297 | 4 / 4 | |
| 0.0.1296 | 4 / 4 | |
| 0.0.1295 | 4 / 4 | |
| 0.0.1294 | 4 / 4 | |
| 0.0.1293 | 4 / 4 | |
| 0.0.1292 | 4 / 4 | |
| 0.0.1291 | 4 / 4 | |
| 0.0.1290 | 4 / 4 | |
| 0.0.1289 | 4 / 4 | |
| 0.0.1288 | 4 / 4 | |
| 0.0.1287 | 4 / 4 | |
| 0.0.1286 | 4 / 4 |
v0.0.1336
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1335
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1334
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1333
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1332
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1331
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1330
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1329
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1328
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1327
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1326
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1325
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1324
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1308
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1307
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1306
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1305
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1304
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1303
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1302
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1301
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1300
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1299
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1298
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1297
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1296
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1295
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1294
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1293
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1292
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1291
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1290
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1289
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1288
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1287
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.1286
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.