All @tiptap/extension-focus versions
@tiptap/extension-focus @2.27.2
Maintainers
Keywords
Dev Dependencies (2)
| Package | Constraint | Registry Status |
|---|---|---|
| @tiptap/pm | ^2.27.2 | auto_approved |
| @tiptap/core | ^2.27.2 | auto_approved |
Changes from v3.13.0
Dependency Changes
Script Changes
+ clean - lintFile Changes
Risk Dispositions (2 applicable to this version, 0 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
| Rule | Source | Disposition | Author | Reason | |
|---|---|---|---|---|---|
regressed-provenance |
provenance | reject | AI | AI (provenance): Provenance regression is a persistent risk signal for this package until CI/CD attestations are restored. | |
publisher-changed |
provenance | reject | AI | AI (provenance): Publisher change from tiptap-bot to _bdbch coincides with provenance regression; generalizes as a risk signal. |
SAST Findings (2)
This version was published without provenance, but prior versions were published via CI/CD with attestations. This is a strong signal of a potential account compromise or unauthorized publish. The axios attack (March 2026) exhibited exactly this pattern.
This version was published by a different npm account than previous versions on 2026-01-07. This could indicate a legitimate maintainer transition or an account compromise.
Review Summary
Risk score: 35. Findings: 1 high (+25), 1 medium (+10), 2 info (+0).
Commit: 4b8d4e9434cd Browse source
Published to npm: