gatsby-plugin-manifest — Greenflagged

Gatsby plugin which adds a manifest.webmanifest to make sites progressive web apps

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

piehkathmbeckserhalp-netlifymlgualtieri-gatsbyfktylerbarnesdaniellewgatsby

Keywords

gatsbygatsby-pluginfaviconiconsmanifest.webmanifestprogressive-web-apppwa

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:sharp	AI (phantom-deps): Sharp is a documented runtime dependency for image processing; implicit dependency is expected and stable.	ai	2026/04/24
phantom-deps	phantom-dep:semver	AI (phantom-deps): Semver is a declared dependency used in configuration; phantom-dep finding is a false positive for this package.	ai	2026/04/24
phantom-deps	phantom-dep:gatsby-plugin-utils	AI (phantom-deps): gatsby-plugin-utils is a declared dependency referenced in config; phantom-dep is expected for plugin utilities.	ai	2026/04/24
semgrep	semgrep:child-process-import	AI (semgrep): safe-sharp.js uses child_process for sharp binary detection — long-standing pattern in the Gatsby monorepo.	ai	2026/04/23
provenance	publisher-changed	AI (provenance): Gatsby project transitioned to Netlify stewardship; publisher change from pieh to serhalp-netlify is an expected organizational transition.	ai	2026/04/23
bogus-package	bogus-package	AI (bogus-package): Empty index.js is standard Gatsby plugin convention; mass publisher is a monorepo contributor pattern.	ai	2026/04/23
maintainer-change	maintainer-added	AI (maintainer-change): New maintainers (mlgualtieri-gatsby, serhalp-netlify) are Netlify-affiliated accounts consistent with Gatsby's organizational transition.	ai	2026/04/23
maintainer-change	maintainer-removed	AI (maintainer-change): Removal of wardpeet is part of the Gatsby→Netlify maintainer transition; not indicative of takeover.	ai	2026/04/23

Versions (showing 51 of 243)

Show 4 prereleases View all versions

Version	Deps	Published
5.16.0	5 / 4	2026-01-26
5.15.0	5 / 4	2025-08-27
5.14.0	5 / 4	2024-11-06
5.13.1	5 / 4	2024-01-23
5.13.0	5 / 4	2023-12-18
5.12.3	5 / 4	2023-10-26
5.12.2	5 / 4	2023-10-20
5.12.1	5 / 4	2023-10-09
5.12.0	5 / 4	2023-08-24
5.11.0	5 / 4	2023-06-15
5.10.0	5 / 4	2023-05-16
5.9.0	5 / 4	2023-04-18
5.8.0	5 / 4	2023-03-21
5.7.0	5 / 4	2023-02-21
5.6.0	5 / 4	2023-02-07
5.5.0	5 / 4	2023-01-24
5.4.0	5 / 4	2023-01-10
5.3.1	5 / 4	2022-12-14
5.3.0	5 / 4	2022-12-13
5.2.0	5 / 4	2022-11-25
5.1.0	5 / 4	2022-11-22
5.0.0	5 / 4	2022-11-08
4.25.0	5 / 4	2022-12-07
4.24.0	5 / 4	2022-09-27
4.23.1	5 / 4	2022-09-22
4.23.0	5 / 4	2022-09-13
4.22.0	5 / 4	2022-08-30
4.21.0	5 / 4	2022-08-16
4.20.0	5 / 4	2022-08-02
4.19.0	5 / 4	2022-07-19
4.18.1	5 / 4	2022-07-12
4.18.0	5 / 4	2022-07-05
4.17.0	5 / 4	2022-06-21
4.16.0	5 / 4	2022-06-07
4.15.1	5 / 4	2022-06-01
4.15.0	5 / 4	2022-05-24
4.14.0	5 / 4	2022-05-10
4.13.0	5 / 4	2022-04-26
4.12.1	5 / 4	2022-04-12
4.12.0	5 / 4	2022-04-12
4.11.1	5 / 4	2022-03-31
4.11.0	5 / 4	2022-03-29
4.10.2	5 / 4	2022-03-23
4.10.1	5 / 4	2022-03-18
4.10.0	5 / 4	2022-03-16
4.9.1	5 / 4	2022-03-09
4.9.0	5 / 4	2022-03-01
4.8.2	5 / 4	2022-03-01
4.8.1	5 / 4	2022-02-25
4.8.0	5 / 4	2022-02-22
4.7.0	5 / 4	2022-02-08