← Home

@theia/notebook

npm Repository Homepage

Theia - Notebook Extension

7
Versions
EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

eclipsetheiavince-fugnittobhufmannmarc.dumaispaul-marechalmsujewtsmaederjfaltermeierjhelmingeclipse-theia-botsgrabandndoschek

Keywords

theia-extension

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
dependencies unvetted-dep:@theia/core AI (dependencies): Co-versioned sibling package from the same Eclipse Theia monorepo release. ai
dependencies unvetted-dep:@theia/editor AI (dependencies): Co-versioned sibling package from the same Eclipse Theia monorepo release. ai
dependencies unvetted-dep:@theia/monaco AI (dependencies): Co-versioned sibling package from the same Eclipse Theia monorepo release. ai
dependencies unvetted-dep:@theia/filesystem AI (dependencies): Co-versioned sibling package from the same Eclipse Theia monorepo release. ai
dependencies unvetted-dep:@theia/outline-view AI (dependencies): Co-versioned sibling package from the same Eclipse Theia monorepo release. ai
semgrep semgrep:base64-decode AI (semgrep): Decodes a URI fragment to extract a scheme string; not a payload loader. Stable pattern in this package. ai

Versions (showing 7 of 7)

Version Deps Published
1.72.2 9 / 3
1.72.1 9 / 3
1.72.0 9 / 3
1.71.2 9 / 3
1.71.0 9 / 3
1.70.2 9 / 3
1.68.0 9 / 3

v1.72.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.72.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.72.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.71.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.71.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.68.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.