@wordpress/create-block
Generates PHP, JS and CSS code for registering a block for a WordPress plugin.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| bogus-package | bogus-package | AI (bogus-package): CLI tool with thin index.js entry point is expected; README signals are false positives for this established package. | ai | |
| semgrep | semgrep:dynamic-require | AI (semgrep): Template loader pattern in a scaffolding CLI; resolves user-supplied template names by design. | ai | |
| phantom-deps | phantom-dep:@wordpress/lazy-import | AI (phantom-deps): Same-org dependency used indirectly via lazy-import mechanism; stable false positive for this package. | ai |
Versions (showing 27 of 27)
| Version | Deps | Published |
|---|---|---|
| 4.91.0 | 13 / 0 | |
| 4.90.0 | 13 / 0 | |
| 4.89.0 | 13 / 0 | |
| 4.88.0 | 13 / 0 | |
| 4.87.0 | 13 / 0 | |
| 4.86.0 | 13 / 0 | |
| 4.85.0 | 13 / 0 | |
| 4.84.0 | 13 / 0 | |
| 4.83.0 | 13 / 0 | |
| 4.82.0 | 13 / 0 | |
| 4.81.0 | 13 / 0 | |
| 4.80.0 | 13 / 0 | |
| 4.79.0 | 13 / 0 | |
| 4.78.0 | 13 / 0 | |
| 4.77.0 | 13 / 0 | |
| 4.76.1 | 13 / 0 | |
| 4.76.0 | 13 / 0 | |
| 4.75.0 | 13 / 0 | |
| 4.74.0 | 13 / 0 | |
| 4.73.0 | 13 / 0 | |
| 4.72.0 | 13 / 0 | |
| 4.71.0 | 13 / 0 | |
| 4.70.0 | 13 / 0 | |
| 4.69.0 | 13 / 0 | |
| 4.68.0 | 13 / 0 | |
| 4.67.0 | 13 / 0 | |
| 4.66.0 | 13 / 0 |
v4.91.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.90.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.89.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.88.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.87.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.86.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.85.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.84.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.83.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.82.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.81.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.80.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.79.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.78.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.77.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.76.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.76.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.75.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.74.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.73.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.72.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.71.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.70.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.69.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.68.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.67.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.66.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.