@uiw/react-codemirror
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@codemirror/theme-one-dark | AI (dependencies): @codemirror/theme-one-dark is a standard CodeMirror 6 theme package; its inclusion as a dependency is expected and stable for this package. | ai | |
| dependencies | unvetted-dep:@uiw/codemirror-extensions-basic-setup | AI (dependencies): Sibling monorepo package pinned to the same version; expected dependency for this package across all versions. | ai | |
| phantom-deps | phantom-dep:codemirror | AI (phantom-deps): codemirror is declared as both a dependency and peer dependency; not directly imported but used as a re-export/availability guarantee. Stable pattern for this package. | ai |
Versions (showing 33 of 33)
| Version | Deps | Published |
|---|---|---|
| 4.25.11 | 6 / 0 | |
| 4.25.10 | 6 / 0 | |
| 4.25.9 | 6 / 0 | |
| 4.25.8 | 6 / 0 | |
| 4.25.7 | 6 / 0 | |
| 4.25.6 | 6 / 0 | |
| 4.25.5 | 6 / 0 | |
| 4.25.4 | 6 / 0 | |
| 4.25.3 | 6 / 0 | |
| 4.25.2 | 6 / 0 | |
| 4.25.1 | 6 / 0 | |
| 4.25.0 | 6 / 0 | |
| 4.24.2 | 6 / 0 | |
| 4.24.1 | 6 / 0 | |
| 4.24.0 | 6 / 0 | |
| 4.23.14 | 6 / 0 | |
| 4.23.13 | 6 / 0 | |
| 4.23.12 | 6 / 0 | |
| 4.23.11 | 6 / 0 | |
| 4.23.10 | 6 / 0 | |
| 4.23.9 | 6 / 0 | |
| 4.23.8 | 6 / 0 | |
| 4.23.7 | 6 / 0 | |
| 4.23.6 | 6 / 0 | |
| 4.23.5 | 6 / 0 | |
| 4.23.4 | 6 / 0 | |
| 4.23.3 | 6 / 0 | |
| 4.23.2 | 6 / 0 | |
| 4.23.1 | 6 / 0 | |
| 4.23.0 | 6 / 0 | |
| 4.22.2 | 6 / 0 | |
| 4.22.1 | 6 / 0 | |
| 4.22.0 | 6 / 0 |
v4.25.11
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.25.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.23.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.23.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.23.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.23.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.23.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.23.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.23.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.23.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.23.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.23.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.23.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.22.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.22.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.22.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.