@teambit/preview.ui.preview-placeholder
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:core-js | AI (phantom-deps): core-js is a declared runtime polyfill dependency; phantom-dep false positive stable for this package. | ai |
Versions (showing 21 of 21)
| Version | Deps | Published |
|---|---|---|
| 0.0.567 | 4 / 7 | |
| 0.0.566 | 4 / 7 | |
| 0.0.565 | 4 / 7 | |
| 0.0.564 | 4 / 7 | |
| 0.0.563 | 5 / 7 | |
| 0.0.562 | 5 / 7 | |
| 0.0.561 | 5 / 7 | |
| 0.0.560 | 5 / 7 | |
| 0.0.559 | 5 / 7 | |
| 0.0.558 | 5 / 7 | |
| 0.0.557 | 5 / 7 | |
| 0.0.555 | 5 / 7 | |
| 0.0.554 | 5 / 7 | |
| 0.0.553 | 5 / 7 | |
| 0.0.552 | 5 / 7 | |
| 0.0.549 | 5 / 7 | |
| 0.0.548 | 5 / 7 | |
| 0.0.547 | 5 / 7 | |
| 0.0.546 | 5 / 7 | |
| 0.0.545 | 5 / 7 | |
| 0.0.543 | 5 / 7 |
v0.0.567
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.566
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.565
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.563
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.562
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.561
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.560
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.559
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.558
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.557
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.555
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.554
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.553
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.552
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.549
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.548
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.547
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.546
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.545
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.543
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.