@teambit/validator
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| npm-metadata | no-description | AI (npm-metadata): Monorepo package; description gaps are stable across Bit's internal packages. | ai | |
| provenance | no-provenance | AI (provenance): Provenance adoption is a CI/CD policy decision; not a per-version disqualifier for established publishers. | ai | |
| dependencies | unvetted-dep:@teambit/logger | AI (dependencies): Sibling @teambit/* package from the same teambit/bit monorepo. | ai | |
| dependencies | unvetted-dep:@teambit/tester | AI (dependencies): Sibling @teambit/* package from the same teambit/bit monorepo. | ai | |
| dependencies | unvetted-dep:@teambit/harmony | AI (dependencies): Sibling @teambit/* package from the same teambit/bit monorepo. | ai | |
| dependencies | unvetted-dep:@teambit/cli | AI (dependencies): Sibling @teambit/* package from the same teambit/bit monorepo; unvetted status is a registry coverage gap, not a risk. | ai | |
| dependencies | unvetted-dep:@teambit/workspace | AI (dependencies): Sibling @teambit/* package from the same teambit/bit monorepo. | ai | |
| dependencies | unvetted-dep:@teambit/typescript | AI (dependencies): Sibling @teambit/* package from the same teambit/bit monorepo. | ai | |
| dependencies | unvetted-dep:@teambit/legacy.constants | AI (dependencies): Sibling @teambit/* package from the same teambit/bit monorepo. | ai | |
| dependencies | unvetted-dep:@teambit/component | AI (dependencies): Sibling @teambit/* package from the same teambit/bit monorepo. | ai | |
| dependencies | unvetted-dep:@teambit/linter | AI (dependencies): Sibling @teambit/* package from the same teambit/bit monorepo. | ai |
Versions (showing 100 of 132)
| Version | Deps | Published |
|---|---|---|
| 0.0.231 | 10 / 1 | |
| 0.0.229 | 10 / 1 | |
| 0.0.228 | 10 / 1 | |
| 0.0.227 | 10 / 1 | |
| 0.0.226 | 10 / 1 | |
| 0.0.225 | 10 / 1 | |
| 0.0.224 | 10 / 1 | |
| 0.0.223 | 10 / 1 | |
| 0.0.222 | 10 / 1 | |
| 0.0.219 | 10 / 1 | |
| 0.0.218 | 10 / 1 | |
| 0.0.217 | 10 / 1 | |
| 0.0.214 | 10 / 1 | |
| 0.0.211 | 10 / 1 | |
| 0.0.210 | 10 / 1 | |
| 0.0.209 | 10 / 1 | |
| 0.0.208 | 10 / 1 | |
| 0.0.207 | 10 / 1 | |
| 0.0.206 | 10 / 1 | |
| 0.0.205 | 10 / 1 | |
| 0.0.204 | 10 / 1 | |
| 0.0.161 | 10 / 1 | |
| 0.0.157 | 10 / 1 | |
| 0.0.155 | 10 / 1 | |
| 0.0.154 | 10 / 1 | |
| 0.0.153 | 10 / 1 | |
| 0.0.152 | 10 / 1 | |
| 0.0.150 | 10 / 1 | |
| 0.0.148 | 10 / 1 | |
| 0.0.147 | 10 / 1 | |
| 0.0.146 | 10 / 1 | |
| 0.0.145 | 10 / 1 | |
| 0.0.141 | 10 / 1 | |
| 0.0.140 | 10 / 1 | |
| 0.0.138 | 10 / 1 | |
| 0.0.137 | 10 / 1 | |
| 0.0.136 | 10 / 1 | |
| 0.0.134 | 10 / 1 | |
| 0.0.133 | 10 / 1 | |
| 0.0.131 | 10 / 1 | |
| 0.0.130 | 10 / 1 | |
| 0.0.128 | 10 / 1 | |
| 0.0.127 | 10 / 1 | |
| 0.0.126 | 10 / 1 | |
| 0.0.125 | 10 / 1 | |
| 0.0.124 | 10 / 1 | |
| 0.0.123 | 10 / 1 | |
| 0.0.121 | 10 / 1 | |
| 0.0.120 | 10 / 1 | |
| 0.0.117 | 10 / 1 | |
| 0.0.116 | 10 / 1 | |
| 0.0.115 | 10 / 1 | |
| 0.0.114 | 10 / 1 | |
| 0.0.113 | 10 / 1 | |
| 0.0.112 | 10 / 1 | |
| 0.0.110 | 10 / 1 | |
| 0.0.108 | 10 / 1 | |
| 0.0.107 | 10 / 1 | |
| 0.0.106 | 10 / 1 | |
| 0.0.104 | 10 / 1 | |
| 0.0.103 | 10 / 1 | |
| 0.0.102 | 10 / 1 | |
| 0.0.100 | 10 / 1 | |
| 0.0.99 | 10 / 1 | |
| 0.0.97 | 10 / 1 | |
| 0.0.96 | 10 / 1 | |
| 0.0.94 | 10 / 1 | |
| 0.0.93 | 10 / 1 | |
| 0.0.92 | 10 / 1 | |
| 0.0.90 | 10 / 1 | |
| 0.0.89 | 10 / 1 | |
| 0.0.87 | 10 / 1 | |
| 0.0.86 | 10 / 1 | |
| 0.0.85 | 10 / 1 | |
| 0.0.84 | 10 / 1 | |
| 0.0.83 | 10 / 1 | |
| 0.0.82 | 10 / 1 | |
| 0.0.81 | 10 / 1 | |
| 0.0.80 | 10 / 1 | |
| 0.0.79 | 10 / 1 | |
| 0.0.78 | 10 / 1 | |
| 0.0.77 | 10 / 1 | |
| 0.0.75 | 10 / 1 | |
| 0.0.74 | 10 / 1 | |
| 0.0.72 | 10 / 1 | |
| 0.0.71 | 10 / 1 | |
| 0.0.70 | 10 / 1 | |
| 0.0.69 | 10 / 1 | |
| 0.0.68 | 10 / 1 | |
| 0.0.67 | 10 / 1 | |
| 0.0.66 | 10 / 1 | |
| 0.0.65 | 10 / 1 | |
| 0.0.64 | 10 / 1 | |
| 0.0.62 | 10 / 1 | |
| 0.0.60 | 10 / 1 | |
| 0.0.58 | 10 / 1 | |
| 0.0.57 | 10 / 1 | |
| 0.0.55 | 10 / 1 | |
| 0.0.53 | 10 / 1 | |
| 0.0.51 | 10 / 1 |
v0.0.231
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.229
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.228
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.227
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.226
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.225
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.224
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.223
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.222
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.219
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.218
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.217
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.214
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.211
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.210
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.209
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.208
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.207
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.206
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.205
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.161
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.157
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.155
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.154
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.153
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.152
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.150
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.148
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.147
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.146
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.145
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.141
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.140
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.138
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.137
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.136
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.134
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.133
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.131
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.130
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.128
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.127
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.126
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.125
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.124
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.123
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.121
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.120
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.117
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.116
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.115
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.114
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.113
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.112
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.110
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.108
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.107
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.106
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.104
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.103
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.102
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.100
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.99
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.97
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.96
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.94
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.93
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.92
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.90
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.89
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.87
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.86
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.85
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.84
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.83
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.82
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.81
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.80
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.79
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.78
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.77
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.75
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.74
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.72
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.71
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.70
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.69
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.68
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.67
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.66
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.65
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.64
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.62
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.60
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.58
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.57
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.55
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.53
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.51
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.