@teambit/validator — Greenflagged

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

teambit-ownershohamgiladdavidfirstranm8guysaaritaymendelerezbitjoshk2redigmayona007

Keywords

bitbit-aspectbit-core-aspectcomponentscollaborationweb

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
npm-metadata	no-description	AI (npm-metadata): Monorepo package; description gaps are stable across Bit's internal packages.	ai	2026/04/30
provenance	no-provenance	AI (provenance): Provenance adoption is a CI/CD policy decision; not a per-version disqualifier for established publishers.	ai	2026/04/30
dependencies	unvetted-dep:@teambit/logger	AI (dependencies): Sibling @teambit/* package from the same teambit/bit monorepo.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/tester	AI (dependencies): Sibling @teambit/* package from the same teambit/bit monorepo.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/harmony	AI (dependencies): Sibling @teambit/* package from the same teambit/bit monorepo.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/cli	AI (dependencies): Sibling @teambit/* package from the same teambit/bit monorepo; unvetted status is a registry coverage gap, not a risk.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/workspace	AI (dependencies): Sibling @teambit/* package from the same teambit/bit monorepo.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/typescript	AI (dependencies): Sibling @teambit/* package from the same teambit/bit monorepo.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/legacy.constants	AI (dependencies): Sibling @teambit/* package from the same teambit/bit monorepo.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/component	AI (dependencies): Sibling @teambit/* package from the same teambit/bit monorepo.	ai	2026/04/29
dependencies	unvetted-dep:@teambit/linter	AI (dependencies): Sibling @teambit/* package from the same teambit/bit monorepo.	ai	2026/04/29

Versions (showing 51 of 132)

View all versions

Version	Deps	Published
0.0.231	10 / 1	2026-05-20
0.0.229	10 / 1	2026-05-19
0.0.228	10 / 1	2026-05-19
0.0.227	10 / 1	2026-05-18
0.0.226	10 / 1	2026-05-18
0.0.225	10 / 1	2026-05-15
0.0.224	10 / 1	2026-05-15
0.0.223	10 / 1	2026-05-14
0.0.222	10 / 1	2026-05-13
0.0.219	10 / 1	2026-05-12
0.0.218	10 / 1	2026-05-12
0.0.217	10 / 1	2026-05-12
0.0.214	10 / 1	2026-05-11
0.0.211	10 / 1	2026-05-07
0.0.210	10 / 1	2026-05-07
0.0.209	10 / 1	2026-05-05
0.0.208	10 / 1	2026-04-30
0.0.207	10 / 1	2026-04-30
0.0.206	10 / 1	2026-04-29
0.0.205	10 / 1	2026-04-29
0.0.204	10 / 1	2026-04-28
0.0.161	10 / 1	2026-03-30
0.0.157	10 / 1	2026-03-26
0.0.155	10 / 1	2026-03-25
0.0.154	10 / 1	2026-03-25
0.0.153	10 / 1	2026-03-25
0.0.152	10 / 1	2026-03-24
0.0.150	10 / 1	2026-03-20
0.0.148	10 / 1	2026-03-19
0.0.147	10 / 1	2026-03-19
0.0.146	10 / 1	2026-03-18
0.0.145	10 / 1	2026-03-18
0.0.141	10 / 1	2026-03-17
0.0.140	10 / 1	2026-03-17
0.0.138	10 / 1	2026-03-10
0.0.137	10 / 1	2026-03-10
0.0.136	10 / 1	2026-03-10
0.0.134	10 / 1	2026-03-06
0.0.133	10 / 1	2026-03-05
0.0.131	10 / 1	2026-03-03
0.0.130	10 / 1	2026-03-03
0.0.128	10 / 1	2026-02-27
0.0.127	10 / 1	2026-02-27
0.0.126	10 / 1	2026-02-27
0.0.125	10 / 1	2026-02-27
0.0.124	10 / 1	2026-02-26
0.0.123	10 / 1	2026-02-24
0.0.121	10 / 1	2026-02-19
0.0.120	10 / 1	2026-02-19
0.0.117	10 / 1	2026-02-12
0.0.116	10 / 1	2026-02-12

v0.0.231

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.229

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.228

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.227

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.226

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.225

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.224

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.223

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.222

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.219

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.218

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.217

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.214

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.211

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.210

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.209

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.208

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.207

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.206

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.205

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.161

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.157

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.155

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.154

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.153

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.152

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.150

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.148

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.147

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.146

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.145

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.141

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.140

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.138

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.137

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.136

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.134

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.133

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.131

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.130

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.128

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.127

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.126

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.125

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.124

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.123

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.121

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.120

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.117

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.116

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.