@wordpress/edit-post
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@wordpress/dom | AI (phantom-deps): Same-org WordPress package; phantom-dep heuristic unreliable for monorepo transitive deps. | ai | |
| phantom-deps | phantom-dep:@wordpress/a11y | AI (phantom-deps): Same-org WordPress package; phantom-dep heuristic unreliable for monorepo transitive deps. | ai | |
| phantom-deps | phantom-dep:@wordpress/warning | AI (phantom-deps): Same-org WordPress package; phantom-dep heuristic unreliable for monorepo transitive deps. | ai | |
| phantom-deps | phantom-dep:@wordpress/base-styles | AI (phantom-deps): Same-org WordPress package; phantom-dep heuristic unreliable for monorepo transitive deps. | ai |
Versions (showing 38 of 38)
| Version | Deps | Published |
|---|---|---|
| 8.47.0 | 34 / 0 | |
| 8.46.0 | 34 / 0 | |
| 8.45.0 | 34 / 0 | |
| 8.44.0 | 33 / 0 | |
| 8.43.0 | 33 / 0 | |
| 8.42.0 | 33 / 0 | |
| 8.41.0 | 33 / 0 | |
| 8.40.1 | 33 / 0 | |
| 8.40.0 | 33 / 0 | |
| 8.39.0 | 33 / 0 | |
| 8.38.0 | 33 / 0 | |
| 8.37.0 | 33 / 0 | |
| 8.36.0 | 33 / 0 | |
| 8.35.0 | 33 / 0 | |
| 8.34.0 | 33 / 0 | |
| 8.33.11 | 32 / 0 | |
| 8.33.10 | 32 / 0 | |
| 8.33.9 | 32 / 0 | |
| 8.33.8 | 32 / 0 | |
| 8.33.7 | 32 / 0 | |
| 8.33.6 | 32 / 0 | |
| 8.33.5 | 32 / 0 | |
| 8.33.4 | 32 / 0 | |
| 8.33.3 | 32 / 0 | |
| 8.33.2 | 32 / 0 | |
| 8.33.1 | 32 / 0 | |
| 8.33.0 | 32 / 0 | |
| 8.32.0 | 31 / 0 | |
| 8.31.0 | 31 / 0 | |
| 8.30.0 | 31 / 0 | |
| 8.29.0 | 32 / 0 | |
| 8.28.0 | 32 / 0 | |
| 8.27.0 | 32 / 0 | |
| 8.26.0 | 32 / 0 | |
| 8.25.0 | 32 / 0 | |
| 8.24.0 | 32 / 0 | |
| 8.23.0 | 32 / 0 | |
| 8.19.7 | 32 / 0 |
v8.47.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.46.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.45.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.44.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.43.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.42.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.41.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.40.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.40.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.39.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.38.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.37.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.36.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.35.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.34.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.33.11
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.33.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.33.9
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.33.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.33.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.33.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.33.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.33.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.33.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.33.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.33.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.33.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.32.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.31.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.30.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.29.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.28.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.27.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.26.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.25.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.24.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.23.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.19.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.