@docusaurus/theme-common

Common code for Docusaurus themes.

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

fbslorberlex111docusaurus-bot

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:@docusaurus/plugin-content-pages	AI (phantom-deps): Same org scope, declared for type-level integration in a monorepo context; not a security concern.	ai	2026/04/22
dependencies	unvetted-dep:@docusaurus/plugin-content-pages	AI (dependencies): First-party Docusaurus monorepo package pinned to same version; expected dependency for theme-common integration with pages plugin.	ai	2026/04/22
dependencies	unvetted-dep:@docusaurus/plugin-content-blog	AI (dependencies): First-party Docusaurus monorepo package pinned to same version; expected dependency for theme-common integration with blog plugin.	ai	2026/04/22
provenance	publisher-changed	AI (provenance): Docusaurus migrated to GitHub Actions CI/CD publishing with SLSA provenance attestation. The publisher change from slorber to GitHub Actions is a documented, intentional supply chain improvement for the facebook/docusaurus monorepo.	ai	2026/04/22
dependencies	unvetted-dep:@types/history	AI (dependencies): @types/history is a well-known DefinitelyTyped type package used by Docusaurus for module type aliases; no security risk.	ai	2026/04/22
dependencies	unvetted-dep:@types/react-router-config	AI (dependencies): @types/react-router-config is a well-known DefinitelyTyped type package used by Docusaurus for module type aliases; no security risk.	ai	2026/04/22
provenance	no-provenance	AI (provenance): Established Docusaurus monorepo package published by trusted maintainer slorber; absence of Sigstore provenance is not a concern here.	ai	2026/04/22
phantom-deps	phantom-dep:@types/history	AI (phantom-deps): Type-only package loaded by convention; stable false positive for this package.	ai	2026/04/21
phantom-deps	phantom-dep:@types/react	AI (phantom-deps): @types/react is a framework-scoped type package loaded by convention in TypeScript/React projects; not a real phantom dependency concern.	ai	2026/04/21
phantom-deps	phantom-dep:@docusaurus/module-type-aliases	AI (phantom-deps): Same-org type alias package; loaded by convention in the Docusaurus ecosystem, not a real phantom dependency.	ai	2026/04/21
phantom-deps	phantom-dep:@types/react-router-config	AI (phantom-deps): Type-only package loaded by convention; stable false positive for this package.	ai	2026/04/21
phantom-deps	phantom-dep:tslib	AI (phantom-deps): tslib is a known implicit runtime dependency for TypeScript-compiled packages; stable false positive.	ai	2026/04/21
bogus-package	bogus-package	AI (bogus-package): Monorepo package from facebook/docusaurus; inflated semver reflects lockstep versioning, short README and no keywords are typical for internal monorepo packages.	ai	2026/04/21

Versions (showing 100 of 169)

Hide prereleases

Version	Deps	Published
3.10.1	12 / 5	2026-04-30
3.10.0	12 / 5	2026-04-07
3.9.2	12 / 5	2025-10-17
3.9.1	12 / 5	2025-09-26
3.9.0	12 / 5	2025-09-25
3.8.1	12 / 4	2025-06-06
3.8.0	12 / 4	2025-05-27
3.7.0	12 / 5	2025-01-03
3.6.3	12 / 5	2024-11-22
3.6.2	12 / 5	2024-11-19
3.6.1	12 / 5	2024-11-08
3.6.0	12 / 5	2024-11-04
3.5.2	12 / 5	2024-08-13
3.5.1	12 / 5	2024-08-09
3.5.0	12 / 5	2024-08-09
3.4.0	15 / 5	2024-05-31
3.3.2	15 / 5	2024-05-03
3.3.1	15 / 5	2024-05-03
3.3.0	15 / 5	2024-05-03
3.2.1	15 / 5	2024-04-04
3.2.0	15 / 5	2024-03-29
3.1.1	15 / 4	2024-01-26
3.1.0	15 / 4	2024-01-05
3.0.1	15 / 4	2023-11-30
3.0.0	15 / 4	2023-10-31
2.4.3	16 / 4	2023-09-20
2.4.1	16 / 4	2023-05-15
2.4.0	16 / 4	2023-03-23
2.3.1	15 / 4	2023-02-03
2.3.0	15 / 4	2023-01-27
2.2.0	14 / 4	2022-10-29
2.1.0	14 / 4	2022-09-02
2.0.1	14 / 4	2022-08-01
2.0.0	14 / 4	2022-08-01
3.9.2-canary-6578	12 / 5	2026-04-13
3.9.2-canary-6573	12 / 5	2026-04-10
3.9.2-canary-6572	12 / 5	2026-04-09
3.9.2-canary-6571	12 / 5	2026-04-09
3.9.2-canary-6570	12 / 5	2026-04-07
3.9.2-canary-6569	12 / 5	2026-04-07
3.9.2-canary-6568	12 / 5	2026-04-07
3.9.2-canary-6563	12 / 5	2026-04-03
3.9.2-canary-6562	12 / 5	2026-04-03
3.9.2-canary-6556	12 / 5	2026-04-02
3.9.2-canary-6554	12 / 5	2026-04-02
3.9.2-canary-6546	12 / 5	2026-03-26
3.9.2-canary-6545	12 / 5	2026-03-19
3.9.2-canary-6544	12 / 5	2026-03-19
3.9.2-canary-6543	12 / 5	2026-03-19
3.9.2-canary-6542	12 / 5	2026-03-24
3.9.2-canary-6541	12 / 5	2026-03-19
3.9.2-canary-6540	12 / 5	2026-03-20
3.9.2-canary-6528	12 / 5	2026-03-11
3.9.2-canary-6526	12 / 5	2026-03-10
3.9.2-canary-6508	12 / 5	2026-02-13
3.9.2-canary-6505	12 / 5	2026-02-05
3.9.2-canary-6499	12 / 5	2026-02-05
3.9.2-canary-6495	12 / 5	2026-02-05
3.9.2-canary-6466	12 / 5	2025-12-09
3.9.2-canary-6465	12 / 5	2025-12-09
3.9.2-canary-6464	12 / 5	2025-12-05
3.9.2-canary-6463	12 / 5	2025-12-05
3.9.2-canary-6461	12 / 5	2025-12-05
3.9.2-canary-6460	12 / 5	2025-12-05
3.9.2-canary-6458	12 / 5	2025-12-04
3.9.2-canary-6450	12 / 5	2025-11-21
3.9.2-canary-6449	12 / 5	2025-11-21
3.9.2-canary-6448	12 / 5	2025-11-21
3.9.2-canary-6447	12 / 5	2025-11-20
3.9.2-canary-6446	12 / 5	2025-11-20
3.9.2-canary-6445	12 / 5	2025-11-20
3.9.2-canary-6444	12 / 5	2025-11-20
3.9.2-canary-6443	12 / 5	2025-11-20
3.9.2-canary-6439	12 / 5	2025-11-14
3.9.2-canary-6437	12 / 5	2025-11-14
3.9.2-canary-6436	12 / 5	2025-11-06
3.9.2-canary-6431	12 / 5	2025-10-21
3.9.2-canary-6429	12 / 5	2025-10-17
3.9.2-canary-6426	12 / 5	2025-10-17
3.9.2-alpha.4	12 / 5	2026-03-20
3.9.2-alpha.3	12 / 5	2026-03-20
3.9.2-alpha.1-canary-6539	12 / 5	2026-03-20
3.9.2-alpha.1	12 / 5	2026-03-20
3.9.2-alpha.0-canary-6548	12 / 5	2026-03-19
3.9.2-alpha.0	12 / 5	2026-03-19
3.9.1-canary-6425	12 / 5	2025-10-17
3.9.1-canary-6424	12 / 5	2025-10-17
3.9.1-canary-6423	12 / 5	2025-10-16
3.9.1-canary-6418	12 / 5	2025-10-13
3.9.1-canary-6416	12 / 5	2025-10-10
3.9.1-canary-6415	12 / 5	2025-10-09
3.9.1-canary-6412	12 / 5	2025-10-09
3.9.1-canary-6411	12 / 5	2025-10-09
3.9.1-canary-6409	12 / 5	2025-09-26
3.9.1-canary-6408	12 / 5	2025-09-26
3.9.1-canary-6407	12 / 5	2025-09-26
3.9.0-canary-6406	12 / 5	2025-09-26
3.9.0-canary-6403	12 / 5	2025-09-25
3.8.1-canary-6402	12 / 5	2025-09-25
3.8.1-canary-6401	12 / 5	2025-09-23

Showing 100 of 169 Next page →

v3.10.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-canary-6578

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-canary-6573

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-canary-6572

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-canary-6571

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-canary-6570

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-canary-6569

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-canary-6568

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-canary-6563

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-canary-6562

2 findings

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

INFO Publisher changed: slorber → GitHub Actions (on 2026-04-03) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2026-04-03. This could indicate a legitimate maintainer transition or an account compromise.

v3.9.2-canary-6556

2 findings

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

INFO Publisher changed: slorber → GitHub Actions (on 2026-04-02) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2026-04-02. This could indicate a legitimate maintainer transition or an account compromise.

v3.9.2-canary-6554

2 findings

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

INFO Publisher changed: slorber → GitHub Actions (on 2026-04-02) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2026-04-02. This could indicate a legitimate maintainer transition or an account compromise.

v3.9.2-canary-6546

2 findings

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

INFO Publisher changed: slorber → GitHub Actions (on 2026-03-26) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2026-03-26. This could indicate a legitimate maintainer transition or an account compromise.

v3.9.2-canary-6545

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-canary-6544

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-canary-6543

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-canary-6542

2 findings

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

INFO Publisher changed: slorber → GitHub Actions (on 2026-03-24) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2026-03-24. This could indicate a legitimate maintainer transition or an account compromise.

v3.9.2-canary-6541

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-canary-6540

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-canary-6528

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-canary-6526

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-canary-6508

2 findings

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

INFO Publisher changed: docusaurus-bot → GitHub Actions (on 2026-02-13) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2026-02-13. This could indicate a legitimate maintainer transition or an account compromise.

v3.9.2-canary-6505

2 findings

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

INFO Publisher changed: docusaurus-bot → GitHub Actions (on 2026-02-05) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2026-02-05. This could indicate a legitimate maintainer transition or an account compromise.

v3.9.2-canary-6499

2 findings

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

INFO Publisher changed: docusaurus-bot → GitHub Actions (on 2026-02-05) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2026-02-05. This could indicate a legitimate maintainer transition or an account compromise.

v3.9.2-canary-6495

2 findings

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

INFO Publisher changed: docusaurus-bot → GitHub Actions (on 2026-02-05) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2026-02-05. This could indicate a legitimate maintainer transition or an account compromise.

v3.9.2-canary-6466

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.9.2-canary-6465

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.9.2-canary-6464

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.9.2-canary-6463

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.9.2-canary-6461

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.9.2-canary-6460

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.9.2-canary-6458

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.9.2-canary-6450

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.9.2-canary-6449

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.9.2-canary-6448

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.9.2-canary-6447

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.9.2-canary-6446

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.9.2-canary-6445

2 findings

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: slorber → docusaurus-bot (on 2025-11-20) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2025-11-20. This could indicate a legitimate maintainer transition or an account compromise.

v3.9.2-canary-6444

2 findings

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: slorber → docusaurus-bot (on 2025-11-20) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2025-11-20. This could indicate a legitimate maintainer transition or an account compromise.

v3.9.2-canary-6443

2 findings

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: slorber → docusaurus-bot (on 2025-11-20) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2025-11-20. This could indicate a legitimate maintainer transition or an account compromise.

v3.9.2-canary-6439

2 findings

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: slorber → docusaurus-bot (on 2025-11-14) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2025-11-14. This could indicate a legitimate maintainer transition or an account compromise.

v3.9.2-canary-6437

2 findings

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: slorber → docusaurus-bot (on 2025-11-14) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2025-11-14. This could indicate a legitimate maintainer transition or an account compromise.

v3.9.2-canary-6436

2 findings

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: slorber → docusaurus-bot (on 2025-11-06) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2025-11-06. This could indicate a legitimate maintainer transition or an account compromise.

v3.9.2-canary-6431

2 findings

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: slorber → docusaurus-bot (on 2025-10-21) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2025-10-21. This could indicate a legitimate maintainer transition or an account compromise.

v3.9.2-canary-6429

2 findings

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: slorber → docusaurus-bot (on 2025-10-17) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2025-10-17. This could indicate a legitimate maintainer transition or an account compromise.

v3.9.2-canary-6426

2 findings

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: slorber → docusaurus-bot (on 2025-10-17) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2025-10-17. This could indicate a legitimate maintainer transition or an account compromise.

v3.9.2-alpha.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-alpha.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-alpha.1-canary-6539

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-alpha.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-alpha.0-canary-6548

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.2-alpha.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.1-canary-6425

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.9.1-canary-6424

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.9.1-canary-6423

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.9.1-canary-6418

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.9.1-canary-6416

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.9.1-canary-6415

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.9.1-canary-6412

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.9.1-canary-6411

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.9.1-canary-6409

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.9.1-canary-6408

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.9.1-canary-6407

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.9.0-canary-6406

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.9.0-canary-6403

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.8.1-canary-6402

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.8.1-canary-6401

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.