@theia/electron EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0 34 versions

@theia/electron

npm Repository Homepage

Theia - Electron utility package

34

Versions

EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

eclipsetheiavince-fugnittobhufmannmarc.dumaispaul-marechalmsujewtsmaederjfaltermeierjhelmingeclipse-theia-botsgrabandndoschek

Keywords

theia-extension

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): sgraband is an established eclipse-theia contributor with 47 approved packages; transition appears legitimate.	ai	2026/05/24
dependencies	unvetted-dep:fix-path	AI (dependencies): fix-path is a well-known sindresorhus utility; stable dependency for this Electron package.	ai	2026/05/23
dependencies	unvetted-dep:native-keymap	AI (dependencies): native-keymap is a standard VS Code/Theia native binding; expected dependency for this package.	ai	2026/05/23

Versions (showing 34 of 34)

Version	Deps	Published
1.72.2	3 / 2	2026-06-05
1.72.1	3 / 2	2026-05-29
1.72.0	3 / 2	2026-05-28
1.71.2	3 / 2	2026-05-27
1.71.1	3 / 2	2026-05-11
1.71.0	3 / 2	2026-04-30
1.70.2	3 / 2	2026-04-10
1.70.1	3 / 2	2026-04-08
1.70.0	3 / 2	2026-03-26
1.69.0	3 / 2	2026-02-26
1.68.2	3 / 2	2026-02-05
1.68.1	3 / 2	2026-02-05
1.68.0	3 / 2	2026-01-29
1.67.0	3 / 2	2025-12-10
1.66.2	3 / 2	2025-11-10
1.66.1	3 / 2	2025-11-07
1.66.0	3 / 2	2025-10-30
1.65.2	3 / 2	2025-10-14
1.65.1	3 / 2	2025-10-06
1.65.0	3 / 2	2025-09-26
1.64.4	3 / 2	2025-10-10
1.64.3	3 / 2	2025-10-08
1.64.2	3 / 2	2025-10-01
1.64.1	3 / 2	2025-08-07
1.64.0	3 / 2	2025-07-31
1.63.3	3 / 2	2025-07-16
1.63.2	3 / 2	2025-07-07
1.63.1	3 / 2	2025-07-01
1.63.0	3 / 2	2025-06-26
1.62.2	3 / 2	2025-06-12
1.62.1	3 / 2	2025-06-03
1.62.0	3 / 2	2025-05-28
1.61.1	3 / 2	2025-06-11
1.61.0	3 / 2	2025-04-29

v1.72.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.72.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.72.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.71.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.71.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.71.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.70.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.70.0

2 findings

HIGH Publisher changed: jfaltermeier → GitHub Actions (on 2026-03-26) provenance

This version was published by a different npm account than previous versions on 2026-03-26. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.69.0

2 findings

HIGH Publisher changed: jfaltermeier → GitHub Actions (on 2026-02-26) provenance

This version was published by a different npm account than previous versions on 2026-02-26. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.68.2

2 findings

HIGH Publisher changed: jfaltermeier → GitHub Actions (on 2026-02-05) provenance

This version was published by a different npm account than previous versions on 2026-02-05. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.68.1

2 findings

HIGH Publisher changed: jfaltermeier → GitHub Actions (on 2026-02-05) provenance

This version was published by a different npm account than previous versions on 2026-02-05. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.68.0

2 findings

HIGH Publisher changed: jfaltermeier → GitHub Actions (on 2026-01-29) provenance

This version was published by a different npm account than previous versions on 2026-01-29. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.67.0

2 findings

HIGH Publisher changed: jfaltermeier → GitHub Actions (on 2025-12-10) provenance

This version was published by a different npm account than previous versions on 2025-12-10. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.66.2

2 findings

HIGH Publisher changed: jfaltermeier → eclipse-theia-bot (on 2025-11-10) provenance

This version was published by a different npm account than previous versions on 2025-11-10. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v1.66.1

2 findings

HIGH Publisher changed: jfaltermeier → eclipse-theia-bot (on 2025-11-07) provenance

This version was published by a different npm account than previous versions on 2025-11-07. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v1.66.0

2 findings

HIGH Publisher changed: jfaltermeier → eclipse-theia-bot (on 2025-10-30) provenance

This version was published by a different npm account than previous versions on 2025-10-30. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v1.65.2

2 findings

HIGH Publisher changed: jfaltermeier → eclipse-theia-bot (on 2025-10-14) provenance

This version was published by a different npm account than previous versions on 2025-10-14. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v1.65.1

2 findings

HIGH Publisher changed: jfaltermeier → ndoschek (on 2025-10-06) provenance

This version was published by a different npm account than previous versions on 2025-10-06. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.65.0

2 findings

HIGH Publisher changed: jfaltermeier → sgraband (on 2025-09-26) provenance

This version was published by a different npm account than previous versions on 2025-09-26. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.64.4

2 findings

HIGH Publisher changed: jfaltermeier → ndoschek (on 2025-10-10) provenance

This version was published by a different npm account than previous versions on 2025-10-10. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.64.3

2 findings

HIGH Publisher changed: jfaltermeier → ndoschek (on 2025-10-08) provenance

This version was published by a different npm account than previous versions on 2025-10-08. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.64.2

2 findings

HIGH Publisher changed: jfaltermeier → ndoschek (on 2025-10-01) provenance

This version was published by a different npm account than previous versions on 2025-10-01. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.64.1

2 findings

HIGH Publisher changed: jfaltermeier → sgraband (on 2025-08-07) provenance

This version was published by a different npm account than previous versions on 2025-08-07. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.64.0

2 findings

HIGH Publisher changed: jfaltermeier → sgraband (on 2025-07-31) provenance

This version was published by a different npm account than previous versions on 2025-07-31. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.63.3

2 findings

HIGH Publisher changed: jfaltermeier → sgraband (on 2025-07-16) provenance

This version was published by a different npm account than previous versions on 2025-07-16. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.63.2

2 findings

HIGH Publisher changed: jfaltermeier → sgraband (on 2025-07-07) provenance

This version was published by a different npm account than previous versions on 2025-07-07. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.63.1

2 findings

HIGH Publisher changed: jfaltermeier → sgraband (on 2025-07-01) provenance

This version was published by a different npm account than previous versions on 2025-07-01. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.63.0

2 findings

HIGH Publisher changed: jfaltermeier → sgraband (on 2025-06-26) provenance

This version was published by a different npm account than previous versions on 2025-06-26. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.62.2

2 findings

HIGH Publisher changed: jfaltermeier → sgraband (on 2025-06-12) provenance

This version was published by a different npm account than previous versions on 2025-06-12. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.62.1

2 findings

HIGH Publisher changed: jfaltermeier → sgraband (on 2025-06-03) provenance

This version was published by a different npm account than previous versions on 2025-06-03. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.62.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.61.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.61.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.