@docusaurus/babel — Greenflagged

Docusaurus package for Babel-related utils.

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

fbslorberlex111docusaurus-bot

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Docusaurus has migrated to GitHub Actions CI/CD publishing with SLSA provenance attestation. Publisher change from slorber to GitHub Actions is a legitimate, documented transition for this monorepo package.	ai	2026/04/23
dependencies	unvetted-dep:@babel/traverse	AI (dependencies): Well-known, widely-used @babel/* package; unvetted only due to review system state, not suspicious.	ai	2026/04/21
dependencies	unvetted-dep:@babel/generator	AI (dependencies): Well-known, widely-used @babel/* package; unvetted only due to review system state, not suspicious.	ai	2026/04/21
dependencies	unvetted-dep:@babel/preset-env	AI (dependencies): Well-known, widely-used @babel/* package; unvetted only due to review system state, not suspicious.	ai	2026/04/21
dependencies	unvetted-dep:@babel/preset-react	AI (dependencies): Well-known, widely-used @babel/* package; unvetted only due to review system state, not suspicious.	ai	2026/04/21
bogus-package	bogus-package	AI (bogus-package): Inflated semver, short README, and no keywords are expected for a new monorepo-extracted package tracking the Docusaurus release version. Not indicative of spam or malice.	ai	2026/04/21
dependencies	unvetted-dep:@babel/plugin-transform-runtime	AI (dependencies): Well-known, widely-used @babel/* package; unvetted only due to review system state, not suspicious.	ai	2026/04/21
dependencies	unvetted-dep:@babel/plugin-syntax-dynamic-import	AI (dependencies): Well-known, widely-used @babel/* package; unvetted only due to review system state, not suspicious.	ai	2026/04/21
dependencies	unvetted-dep:babel-plugin-dynamic-import-node	AI (dependencies): Established Babel plugin for dynamic imports; unvetted only due to review system state, not suspicious.	ai	2026/04/21
dependencies	unvetted-dep:@docusaurus/utils	AI (dependencies): Sibling @docusaurus/* package at the same version; part of the official Docusaurus monorepo release.	ai	2026/04/21
dependencies	unvetted-dep:@babel/preset-typescript	AI (dependencies): Well-known, widely-used @babel/* package; unvetted only due to review system state, not suspicious.	ai	2026/04/21

Versions (showing 100 of 149)

Hide prereleases

Version	Deps	Published
3.10.1	14 / 0	2026-04-30
3.10.0	14 / 0	2026-04-07
3.9.2	15 / 0	2025-10-17
3.9.1	15 / 0	2025-09-26
3.9.0	15 / 0	2025-09-25
3.8.1	15 / 0	2025-06-06
3.8.0	15 / 0	2025-05-27
3.7.0	15 / 0	2025-01-03
3.6.3	15 / 0	2024-11-22
3.6.2	15 / 0	2024-11-19
3.6.1	15 / 0	2024-11-08
3.6.0	15 / 0	2024-11-04
3.5.2	12 / 0	2024-09-20
3.9.2-canary-6578	14 / 0	2026-04-13
3.9.2-canary-6573	14 / 0	2026-04-10
3.9.2-canary-6572	14 / 0	2026-04-09
3.9.2-canary-6571	14 / 0	2026-04-09
3.9.2-canary-6570	14 / 0	2026-04-07
3.9.2-canary-6569	14 / 0	2026-04-07
3.9.2-canary-6568	14 / 0	2026-04-07
3.9.2-canary-6563	14 / 0	2026-04-03
3.9.2-canary-6562	14 / 0	2026-04-03
3.9.2-canary-6556	14 / 0	2026-04-02
3.9.2-canary-6554	14 / 0	2026-04-02
3.9.2-canary-6546	14 / 0	2026-03-26
3.9.2-canary-6545	14 / 0	2026-03-19
3.9.2-canary-6544	14 / 0	2026-03-19
3.9.2-canary-6543	14 / 0	2026-03-19
3.9.2-canary-6542	14 / 0	2026-03-19
3.9.2-canary-6541	14 / 0	2026-03-19
3.9.2-canary-6540	14 / 0	2026-03-20
3.9.2-canary-6528	14 / 0	2026-03-11
3.9.2-canary-6526	14 / 0	2026-03-10
3.9.2-canary-6508	14 / 0	2026-02-13
3.9.2-canary-6505	14 / 0	2026-02-05
3.9.2-canary-6499	14 / 0	2026-02-05
3.9.2-canary-6495	14 / 0	2026-02-05
3.9.2-canary-6466	14 / 0	2025-12-09
3.9.2-canary-6465	14 / 0	2025-12-09
3.9.2-canary-6464	14 / 0	2025-12-05
3.9.2-canary-6463	14 / 0	2025-12-05
3.9.2-canary-6462	14 / 0	2025-12-05
3.9.2-canary-6461	14 / 0	2025-12-05
3.9.2-canary-6460	14 / 0	2025-12-05
3.9.2-canary-6458	14 / 0	2025-12-04
3.9.2-canary-6450	15 / 0	2025-11-21
3.9.2-canary-6449	15 / 0	2025-11-21
3.9.2-canary-6448	15 / 0	2025-11-21
3.9.2-canary-6447	15 / 0	2025-11-20
3.9.2-canary-6446	15 / 0	2025-11-20
3.9.2-canary-6445	15 / 0	2025-11-20
3.9.2-canary-6444	15 / 0	2025-11-20
3.9.2-canary-6443	15 / 0	2025-11-20
3.9.2-canary-6439	15 / 0	2025-11-14
3.9.2-canary-6437	15 / 0	2025-11-14
3.9.2-canary-6436	15 / 0	2025-11-06
3.9.2-canary-6431	15 / 0	2025-10-21
3.9.2-canary-6429	15 / 0	2025-10-17
3.9.2-canary-6426	15 / 0	2025-10-17
3.9.2-alpha.4	14 / 0	2026-03-20
3.9.2-alpha.3	14 / 0	2026-03-20
3.9.2-alpha.1-canary-6539	14 / 0	2026-03-20
3.9.2-alpha.1	14 / 0	2026-03-20
3.9.2-alpha.0-canary-6548	14 / 0	2026-03-19
3.9.2-alpha.0	14 / 0	2026-03-19
3.9.1-canary-6425	15 / 0	2025-10-17
3.9.1-canary-6424	15 / 0	2025-10-17
3.9.1-canary-6423	15 / 0	2025-10-16
3.9.1-canary-6418	15 / 0	2025-10-13
3.9.1-canary-6416	15 / 0	2025-10-10
3.9.1-canary-6415	15 / 0	2025-10-09
3.9.1-canary-6412	15 / 0	2025-10-09
3.9.1-canary-6411	15 / 0	2025-10-09
3.9.1-canary-6409	15 / 0	2025-09-26
3.9.1-canary-6408	15 / 0	2025-09-26
3.9.1-canary-6407	15 / 0	2025-09-26
3.9.0-canary-6406	15 / 0	2025-09-26
3.9.0-canary-6403	15 / 0	2025-09-25
3.8.1-canary-6402	15 / 0	2025-09-25
3.8.1-canary-6401	15 / 0	2025-09-23
3.8.1-canary-6400	15 / 0	2025-09-23
3.8.1-canary-6399	15 / 0	2025-09-23
3.8.1-canary-6397	15 / 0	2025-09-19
3.8.1-canary-6396	15 / 0	2025-09-19
3.8.1-canary-6395	15 / 0	2025-09-12
3.8.1-canary-6394	15 / 0	2025-09-12
3.8.1-canary-6393	15 / 0	2025-09-12
3.8.1-canary-6392	15 / 0	2025-09-12
3.8.1-canary-6389	15 / 0	2025-09-09
3.8.1-canary-6388	15 / 0	2025-09-04
3.8.1-canary-6386	15 / 0	2025-08-29
3.8.1-canary-6384	15 / 0	2025-08-25
3.8.1-canary-6383	15 / 0	2025-08-24
3.8.1-canary-6379	15 / 0	2025-08-15
3.8.1-canary-6378	15 / 0	2025-08-04
3.8.1-canary-6376	15 / 0	2025-07-31
3.8.1-canary-6375	15 / 0	2025-07-28
3.8.1-canary-6374	15 / 0	2025-07-28
3.8.1-canary-6373	15 / 0	2025-07-24
3.8.1-canary-6372	15 / 0	2025-07-24

Showing 100 of 149 Next page →

v3.10.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-canary-6578

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-canary-6573

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-canary-6572

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-canary-6571

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-canary-6570

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-canary-6569

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-canary-6568

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-canary-6563

2 findings

HIGH Publisher changed: slorber → GitHub Actions (on 2026-04-03) provenance

This version was published by a different npm account than previous versions on 2026-04-03. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-canary-6562

2 findings

HIGH Publisher changed: slorber → GitHub Actions (on 2026-04-03) provenance

This version was published by a different npm account than previous versions on 2026-04-03. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-canary-6556

2 findings

HIGH Publisher changed: slorber → GitHub Actions (on 2026-04-02) provenance

This version was published by a different npm account than previous versions on 2026-04-02. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-canary-6554

2 findings

HIGH Publisher changed: slorber → GitHub Actions (on 2026-04-02) provenance

This version was published by a different npm account than previous versions on 2026-04-02. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-canary-6546

2 findings

HIGH Publisher changed: slorber → GitHub Actions (on 2026-03-26) provenance

This version was published by a different npm account than previous versions on 2026-03-26. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-canary-6545

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-canary-6544

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-canary-6543

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-canary-6542

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-canary-6541

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-canary-6540

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-canary-6528

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-canary-6526

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-canary-6508

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-canary-6505

2 findings

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

INFO Publisher changed: docusaurus-bot → GitHub Actions (on 2026-02-05) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2026-02-05. This could indicate a legitimate maintainer transition or an account compromise.

v3.9.2-canary-6499

2 findings

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

INFO Publisher changed: docusaurus-bot → GitHub Actions (on 2026-02-05) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2026-02-05. This could indicate a legitimate maintainer transition or an account compromise.

v3.9.2-canary-6495

2 findings

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

INFO Publisher changed: docusaurus-bot → GitHub Actions (on 2026-02-05) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2026-02-05. This could indicate a legitimate maintainer transition or an account compromise.

v3.9.2-canary-6466

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.9.2-canary-6465

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.9.2-canary-6464

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.9.2-canary-6463

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.9.2-canary-6462

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.9.2-canary-6461

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.9.2-canary-6460

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.9.2-canary-6458

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.9.2-canary-6450

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.9.2-canary-6449

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.9.2-canary-6448

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.9.2-canary-6447

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.9.2-canary-6446

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.9.2-canary-6445

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.9.2-canary-6444

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.9.2-canary-6443

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.9.2-canary-6439

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.9.2-canary-6437

2 findings

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: slorber → docusaurus-bot (on 2025-11-14) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2025-11-14. This could indicate a legitimate maintainer transition or an account compromise.

v3.9.2-canary-6436

2 findings

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: slorber → docusaurus-bot (on 2025-11-06) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2025-11-06. This could indicate a legitimate maintainer transition or an account compromise.

v3.9.2-canary-6431

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.9.2-canary-6429

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.9.2-canary-6426

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.9.2-alpha.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-alpha.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-alpha.1-canary-6539

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-alpha.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-alpha.0-canary-6548

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-alpha.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.1-canary-6425

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.9.1-canary-6424

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.9.1-canary-6423

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.9.1-canary-6418

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.9.1-canary-6416

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.9.1-canary-6415

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.9.1-canary-6412

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.9.1-canary-6411

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.9.1-canary-6409

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.9.1-canary-6408

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.9.1-canary-6407

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.9.0-canary-6406

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.9.0-canary-6403

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.8.1-canary-6402

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.8.1-canary-6401

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.8.1-canary-6400

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.8.1-canary-6399

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.8.1-canary-6397

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.8.1-canary-6396

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.8.1-canary-6395

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.8.1-canary-6394

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.8.1-canary-6393

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.8.1-canary-6392

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.8.1-canary-6389

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.8.1-canary-6388

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.8.1-canary-6386

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.8.1-canary-6384

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.8.1-canary-6383

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.8.1-canary-6379

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.8.1-canary-6378

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.8.1-canary-6376

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.8.1-canary-6375

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.8.1-canary-6374

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.8.1-canary-6373

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.8.1-canary-6372

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.