← Home

@teambit/scope

npm Repository Homepage
31
Versions
Apache-2.0
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

teambit-ownershohamgiladdavidfirstranm8guysaaritaymendelerezbitjoshk2redigmayona007

Keywords

bitbit-aspectbit-core-aspectcomponentscollaborationweb

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
dependencies unvetted-dep:@teambit/pkg.modules.component-package-name AI (dependencies): Same-org teambit dependency; structural pattern across all teambit packages. ai
dependencies unvetted-dep:@teambit/legacy.consumer-component AI (dependencies): Same-org teambit dependency; structural pattern across all teambit packages. ai
dependencies unvetted-dep:@teambit/harmony.modules.in-memory-cache AI (dependencies): Same-org teambit dependency; structural pattern across all teambit packages. ai
dependencies unvetted-dep:@teambit/legacy.scope AI (dependencies): Same-org teambit dependency; structural pattern across all teambit packages. ai
dependencies unvetted-dep:@teambit/scope.network AI (dependencies): Same-org teambit dependency; structural pattern across all teambit packages. ai
dependencies unvetted-dep:@teambit/scope.remotes AI (dependencies): Same-org teambit dependency; structural pattern across all teambit packages. ai
dependencies unvetted-dep:@teambit/scopes.scope-id AI (dependencies): Same-org teambit dependency; structural pattern across all teambit packages. ai
dependencies unvetted-dep:@teambit/graph.cleargraph AI (dependencies): Same-org teambit dependency; structural pattern across all teambit packages. ai
dependencies unvetted-dep:@teambit/legacy.constants AI (dependencies): Same-org teambit dependency; structural pattern across all teambit packages. ai
dependencies unvetted-dep:@teambit/legacy.scope-api AI (dependencies): Same-org teambit dependency; structural pattern across all teambit packages. ai
dependencies unvetted-dep:@teambit/bit.get-bit-version AI (dependencies): Same-org teambit dependency; structural pattern across all teambit packages. ai
dependencies unvetted-dep:@teambit/scope.remote-actions AI (dependencies): Same-org teambit dependency; structural pattern across all teambit packages. ai
dependencies unvetted-dep:@teambit/legacy.extension-data AI (dependencies): Same-org teambit dependency; structural pattern across all teambit packages. ai
dependencies unvetted-dep:@teambit/component.snap-distance AI (dependencies): Same-org teambit dependency; structural pattern across all teambit packages. ai
phantom-deps phantom-dep:@teambit/ui-foundation.ui.constants.z-indexes AI (phantom-deps): Same-org teambit monorepo; phantom-dep heuristic is unreliable for this package's component-based publishing model. ai
phantom-deps phantom-dep:@teambit/compiler AI (phantom-deps): Same-org teambit monorepo; phantom-dep heuristic is unreliable for this package's component-based publishing model. ai

Versions (showing 31 of 31)

Version Deps Published
1.0.981 87 / 8
1.0.980 87 / 8
1.0.979 87 / 8
1.0.978 87 / 8
1.0.977 87 / 8
1.0.976 87 / 8
1.0.972 87 / 8
1.0.971 87 / 8
1.0.970 87 / 8
1.0.969 87 / 8
1.0.968 87 / 8
1.0.967 87 / 8
1.0.966 87 / 8
1.0.965 87 / 8
1.0.964 87 / 8
1.0.962 87 / 8
1.0.958 87 / 8
1.0.949 87 / 8
1.0.942 87 / 8
1.0.938 87 / 8
1.0.935 87 / 8
1.0.934 87 / 8
1.0.933 87 / 8
1.0.932 87 / 8
1.0.931 87 / 8
1.0.930 87 / 8
1.0.929 87 / 8
1.0.926 87 / 8
1.0.654 89 / 8
1.0.653 89 / 8
1.0.620 88 / 8

v1.0.981

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.980

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.979

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.978

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.977

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.976

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.972

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.971

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.970

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.969

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.935

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.934

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.933

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.932

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.931

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.930

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.929

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.926

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.654

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.653

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.620

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.