@teambit/status
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | rapid-publish | AI (publish-pattern): teambit uses automated CI/CD releasing hundreds of scoped packages simultaneously; rapid publish is expected behavior. | ai | |
| provenance | no-provenance | AI (provenance): Monorepo package; provenance attestation not enforced for this org. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Monorepo package; missing description is stable across versions. | ai | |
| dependencies | unvetted-dep:@teambit/legacy.consumer-component | AI (dependencies): Internal @teambit org sibling package; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@teambit/harmony | AI (dependencies): Internal @teambit org sibling package; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@teambit/lane-id | AI (dependencies): Internal @teambit org sibling package; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@teambit/component-id | AI (dependencies): Internal @teambit org sibling package; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@teambit/legacy.consumer | AI (dependencies): Internal @teambit org sibling package; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@teambit/component-issues | AI (dependencies): Internal @teambit org sibling package; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@teambit/legacy.constants | AI (dependencies): Internal @teambit org sibling package; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@teambit/component-version | AI (dependencies): Internal @teambit org sibling package; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@teambit/legacy.component-list | AI (dependencies): Internal @teambit org sibling package; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@teambit/component.snap-distance | AI (dependencies): Internal @teambit org sibling package; stable pattern across all versions. | ai | |
| phantom-deps | phantom-dep:@teambit/objects | AI (phantom-deps): Same-org monorepo dep; phantom-dep heuristic is a stable false positive for @teambit packages. | ai | |
| phantom-deps | phantom-dep:@teambit/legacy.consumer-component | AI (phantom-deps): Same-org monorepo dep; phantom-dep heuristic is a stable false positive for @teambit packages. | ai | |
Versions (showing 51 of 138)
| Version | Deps | Published |
|---|---|---|
| 1.0.1029 | 23 / 3 | |
| 1.0.1017 | 23 / 3 | |
| 1.0.1011 | 23 / 3 | |
| 1.0.1009 | 23 / 3 | |
| 1.0.1004 | 23 / 3 | |
| 1.0.1003 | 23 / 3 | |
| 1.0.1002 | 23 / 3 | |
| 1.0.1001 | 23 / 3 | |
| 1.0.999 | 23 / 3 | |
| 1.0.998 | 23 / 3 | |
| 1.0.992 | 23 / 3 | |
| 1.0.991 | 23 / 3 | |
| 1.0.990 | 23 / 3 | |
| 1.0.988 | 23 / 3 | |
| 1.0.986 | 23 / 3 | |
| 1.0.982 | 23 / 3 | |
| 1.0.980 | 23 / 3 | |
| 1.0.979 | 23 / 3 | |
| 1.0.976 | 23 / 3 | |
| 1.0.975 | 23 / 3 | |
| 1.0.974 | 23 / 3 | |
| 1.0.973 | 23 / 3 | |
| 1.0.972 | 23 / 3 | |
| 1.0.971 | 23 / 3 | |
| 1.0.969 | 23 / 3 | |
| 1.0.965 | 23 / 3 | |
| 1.0.957 | 23 / 3 | |
| 1.0.955 | 23 / 3 | |
| 1.0.951 | 23 / 3 | |
| 1.0.950 | 23 / 3 | |
| 1.0.947 | 23 / 3 | |
| 1.0.939 | 23 / 3 | |
| 1.0.934 | 23 / 3 | |
| 1.0.927 | 23 / 3 | |
| 1.0.924 | 23 / 3 | |
| 1.0.919 | 23 / 3 | |
| 1.0.908 | 23 / 3 | |
| 1.0.903 | 23 / 3 | |
| 1.0.901 | 23 / 3 | |
| 1.0.899 | 23 / 3 | |
| 1.0.896 | 23 / 3 | |
| 1.0.895 | 23 / 3 | |
| 1.0.885 | 23 / 3 | |
| 1.0.877 | 23 / 3 | |
| 1.0.876 | 23 / 3 | |
| 1.0.875 | 23 / 3 | |
| 1.0.873 | 23 / 3 | |
| 1.0.869 | 23 / 3 | |
| 1.0.864 | 23 / 3 | |
| 1.0.861 | 23 / 3 | |
| 1.0.858 | 23 / 3 | |
v1.0.1029
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.1017
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.1011
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.1009
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.1004
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.1003
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.1002
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.1001
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.999
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.998
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.992
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.991
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.990
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.986
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.982
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.980
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.979
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.976
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.975
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.974
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.973
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.972
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.971
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.969
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.965
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.957
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.955
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.951
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.950
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.947
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.939
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.934
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.927
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.924
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.919
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.908
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.903
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.901
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.899
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.896
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.895
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.885
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.877
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.876
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.875
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.873
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.869
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.864
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.861
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.858
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.