@builder.io/qwik-city No license 1 versions

@builder.io/qwik-city

npm Repository Homepage

Versions

—

License

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

steve8708samijaberteleaziz123mrkoreyemheverygustavohgsmanucorporatsanyamkamatbengironemidhunadarvinkylefowlerbuilderio-botarmelaaishwarya_parabemmaacanaghavarhadesidmohanty11jcortesebuildervishwasgopinathnicholaskoechpaprikafpabloelisseoliamdebeasiwmertensjacksheltongioboashairez

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
semgrep	semgrep:dynamic-require	AI (semgrep): Framework SSR entry-module loader pattern; stable across qwik-city versions.	ai	2026/05/28
semgrep	semgrep:base64-decode	AI (semgrep): Image/asset processing in vite plugin; legitimate use of Buffer.from with base64 encoding.	ai	2026/05/28
bogus-package	bogus-package	AI (bogus-package): Well-known Qwik meta-framework; README and keyword signals are false positives for this package.	ai	2026/05/28
phantom-deps	phantom-dep:@types/mdx	AI (phantom-deps): Type-only package used by convention in MDX-supporting framework; not directly imported.	ai	2026/05/28

Versions (showing 1 of 1)

Version	Deps	Published
1.20.0	10 / 27	2026-05-22

v1.20.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.