@docusaurus/theme-common
Common code for Docusaurus themes.
34
Versions
MIT
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
gitHead linked
Maintainers
fbslorberlex111docusaurus-bot
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@docusaurus/plugin-content-pages | AI (phantom-deps): Same org scope, declared for type-level integration in a monorepo context; not a security concern. | ai | |
| dependencies | unvetted-dep:@docusaurus/plugin-content-pages | AI (dependencies): First-party Docusaurus monorepo package pinned to same version; expected dependency for theme-common integration with pages plugin. | ai | |
| dependencies | unvetted-dep:@docusaurus/plugin-content-blog | AI (dependencies): First-party Docusaurus monorepo package pinned to same version; expected dependency for theme-common integration with blog plugin. | ai | |
| provenance | publisher-changed | AI (provenance): Docusaurus migrated to GitHub Actions CI/CD publishing with SLSA provenance attestation. The publisher change from slorber to GitHub Actions is a documented, intentional supply chain improvement for the facebook/docusaurus monorepo. | ai | |
| dependencies | unvetted-dep:@types/history | AI (dependencies): @types/history is a well-known DefinitelyTyped type package used by Docusaurus for module type aliases; no security risk. | ai | |
| dependencies | unvetted-dep:@types/react-router-config | AI (dependencies): @types/react-router-config is a well-known DefinitelyTyped type package used by Docusaurus for module type aliases; no security risk. | ai | |
| provenance | no-provenance | AI (provenance): Established Docusaurus monorepo package published by trusted maintainer slorber; absence of Sigstore provenance is not a concern here. | ai | |
| phantom-deps | phantom-dep:@types/history | AI (phantom-deps): Type-only package loaded by convention; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@types/react | AI (phantom-deps): @types/react is a framework-scoped type package loaded by convention in TypeScript/React projects; not a real phantom dependency concern. | ai | |
| phantom-deps | phantom-dep:@docusaurus/module-type-aliases | AI (phantom-deps): Same-org type alias package; loaded by convention in the Docusaurus ecosystem, not a real phantom dependency. | ai | |
| phantom-deps | phantom-dep:@types/react-router-config | AI (phantom-deps): Type-only package loaded by convention; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:tslib | AI (phantom-deps): tslib is a known implicit runtime dependency for TypeScript-compiled packages; stable false positive. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Monorepo package from facebook/docusaurus; inflated semver reflects lockstep versioning, short README and no keywords are typical for internal monorepo packages. | ai |
Versions (showing 34 of 34)
| Version | Deps | Published |
|---|---|---|
| 3.10.1 | 12 / 5 | |
| 3.10.0 | 12 / 5 | |
| 3.9.2 | 12 / 5 | |
| 3.9.1 | 12 / 5 | |
| 3.9.0 | 12 / 5 | |
| 3.8.1 | 12 / 4 | |
| 3.8.0 | 12 / 4 | |
| 3.7.0 | 12 / 5 | |
| 3.6.3 | 12 / 5 | |
| 3.6.2 | 12 / 5 | |
| 3.6.1 | 12 / 5 | |
| 3.6.0 | 12 / 5 | |
| 3.5.2 | 12 / 5 | |
| 3.5.1 | 12 / 5 | |
| 3.5.0 | 12 / 5 | |
| 3.4.0 | 15 / 5 | |
| 3.3.2 | 15 / 5 | |
| 3.3.1 | 15 / 5 | |
| 3.3.0 | 15 / 5 | |
| 3.2.1 | 15 / 5 | |
| 3.2.0 | 15 / 5 | |
| 3.1.1 | 15 / 4 | |
| 3.1.0 | 15 / 4 | |
| 3.0.1 | 15 / 4 | |
| 3.0.0 | 15 / 4 | |
| 2.4.3 | 16 / 4 | |
| 2.4.1 | 16 / 4 | |
| 2.4.0 | 16 / 4 | |
| 2.3.1 | 15 / 4 | |
| 2.3.0 | 15 / 4 | |
| 2.2.0 | 14 / 4 | |
| 2.1.0 | 14 / 4 | |
| 2.0.1 | 14 / 4 | |
| 2.0.0 | 14 / 4 |
v3.10.1
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.