@wordpress/fields
DataViews is a component that provides an API to render datasets using different types of layouts (table, grid, list, etc.).
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): peterwilsoncc is a known Gutenberg contributor with strong track record; publisher rotation within the WordPress org is expected. | ai | |
| phantom-deps | phantom-dep:@wordpress/block-editor | AI (phantom-deps): Same-org WordPress package; phantom-dep heuristic commonly misfires on monorepo packages with indirect imports. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): Gutenberg monorepo package; publisher has 373 approved releases and long track record — dormancy reflects release cadence, not takeover. | ai | |
| dependencies | unvetted-dep:@react-spring/web | AI (dependencies): @react-spring/web is a widely-used animation library; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@wordpress/hooks | AI (phantom-deps): Same-org WordPress package; phantom-dep heuristic false positive for monorepo build artifacts. | ai | |
| phantom-deps | phantom-dep:@wordpress/base-styles | AI (phantom-deps): Same-org WordPress package; stable false positive for this monorepo package. | ai | |
| phantom-deps | phantom-dep:@wordpress/router | AI (phantom-deps): Same-org WordPress package; stable false positive for this monorepo package. | ai | |
| phantom-deps | phantom-dep:@wordpress/warning | AI (phantom-deps): Same-org WordPress package; stable false positive for this monorepo package. | ai | |
| phantom-deps | phantom-dep:@wordpress/primitives | AI (phantom-deps): Same-org WordPress package; stable false positive for this monorepo package. | ai |
Versions (showing 38 of 38)
| Version | Deps | Published |
|---|---|---|
| 0.40.0 | 30 / 0 | |
| 0.39.0 | 30 / 0 | |
| 0.37.0 | 30 / 0 | |
| 0.36.0 | 29 / 0 | |
| 0.35.0 | 29 / 0 | |
| 0.33.0 | 29 / 0 | |
| 0.32.1 | 29 / 0 | |
| 0.32.0 | 29 / 0 | |
| 0.31.0 | 28 / 0 | |
| 0.30.0 | 28 / 0 | |
| 0.29.0 | 28 / 0 | |
| 0.28.0 | 28 / 0 | |
| 0.27.0 | 28 / 0 | |
| 0.26.0 | 28 / 0 | |
| 0.25.11 | 28 / 0 | |
| 0.25.10 | 28 / 0 | |
| 0.25.9 | 28 / 0 | |
| 0.25.8 | 28 / 0 | |
| 0.25.7 | 28 / 0 | |
| 0.25.6 | 28 / 0 | |
| 0.25.5 | 28 / 0 | |
| 0.25.4 | 28 / 0 | |
| 0.25.3 | 28 / 0 | |
| 0.25.2 | 28 / 0 | |
| 0.25.1 | 28 / 0 | |
| 0.25.0 | 28 / 0 | |
| 0.24.0 | 28 / 0 | |
| 0.23.0 | 28 / 0 | |
| 0.22.0 | 28 / 0 | |
| 0.21.0 | 28 / 0 | |
| 0.20.0 | 28 / 0 | |
| 0.19.0 | 28 / 0 | |
| 0.18.0 | 28 / 0 | |
| 0.17.0 | 28 / 0 | |
| 0.16.0 | 28 / 0 | |
| 0.15.0 | 28 / 0 | |
| 0.11.6 | 28 / 0 | |
| 0.11.5 | 28 / 0 |
v0.40.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.39.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.37.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.35.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.33.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.32.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.32.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.31.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.30.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.29.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.27.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.11
2 findingsThis version was published by a different npm account than previous versions on 2026-01-29. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.24.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.23.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.22.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.21.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.20.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.19.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.18.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.16.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.15.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.6
2 findingsThis version was published by a different npm account than previous versions on 2025-07-08. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.