@embroider/core No license 27 versions

@embroider/core

npm Repository Homepage

27

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

nullvoxpopulisimonihmigef4rwjbluekatiegenglerreal_ate

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:handlebars	AI (dependencies): handlebars is a long-standing dep of @embroider/core used for template processing; not a new addition.	ai	2026/05/27
semgrep	semgrep:dynamic-require	AI (semgrep): Build tool loading babel plugins dynamically; expected pattern for this package.	ai	2026/05/16
bogus-package	bogus-package	AI (bogus-package): turbo87 is a known Ember ecosystem maintainer; mass-production signal is expected.	ai	2026/05/16
phantom-deps	phantom-dep:broccoli-source	AI (phantom-deps): Broccoli build ecosystem dep; declared and used transitively.	ai	2026/05/15
phantom-deps	phantom-dep:babel-plugin-ember-template-compilation	AI (phantom-deps): Ember template compilation plugin loaded by convention.	ai	2026/05/15
phantom-deps	phantom-dep:broccoli-persistent-filter	AI (phantom-deps): Broccoli build ecosystem dep; declared and used transitively.	ai	2026/05/15
phantom-deps	phantom-dep:fs-tree-diff	AI (phantom-deps): Broccoli build ecosystem dep; declared and used transitively.	ai	2026/05/15
phantom-deps	phantom-dep:@babel/parser	AI (phantom-deps): Framework-scoped babel dep loaded by convention.	ai	2026/05/15
typosquat	typosquat.levenshtein:cors	AI (typosquat): Scoped @embroider/core is not a typosquat of cors; completely different namespace and purpose.	ai	2026/05/15

Versions (showing 27 of 27)

Version	Deps	Published
4.5.0	27 / 19	2026-05-26
4.4.7	27 / 19	2026-03-24
4.4.6	27 / 19	2026-03-18
4.4.5	27 / 19	2026-03-04
4.4.4	27 / 19	2026-02-24
4.4.3	27 / 19	2026-02-04
4.4.2	27 / 19	2025-12-23
4.4.1	27 / 19	2025-12-11
4.4.0	27 / 19	2025-12-02
4.3.0	27 / 19	2025-11-28
4.2.9	27 / 19	2025-11-26
4.2.8	27 / 19	2025-11-19
4.2.7	27 / 19	2025-11-11
4.2.6	27 / 19	2025-11-11
4.2.5	27 / 19	2025-10-15
4.2.4	27 / 19	2025-10-02
4.2.3	27 / 19	2025-09-30
4.2.2	27 / 19	2025-09-30
4.2.1	27 / 19	2025-09-25
4.2.0	27 / 19	2025-09-11
4.1.3	27 / 19	2025-07-23
4.1.1	27 / 19	2025-06-24
4.1.0	27 / 19	2025-05-20
4.0.4	27 / 19	2025-05-20
4.0.3	27 / 19	2025-05-07
3.5.10	25 / 18	2026-04-29
3.5.9	25 / 18	2025-12-02

v4.5.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.4.7

2 findings

HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@embroider/core' is 1 edit(s) away from popular package 'cors'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.4.6

2 findings

HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@embroider/core' is 1 edit(s) away from popular package 'cors'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.4.5

2 findings

HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@embroider/core' is 1 edit(s) away from popular package 'cors'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.4.4

2 findings

HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@embroider/core' is 1 edit(s) away from popular package 'cors'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.4.3

2 findings

HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@embroider/core' is 1 edit(s) away from popular package 'cors'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.4.2

2 findings

HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@embroider/core' is 1 edit(s) away from popular package 'cors'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.4.1

2 findings

HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@embroider/core' is 1 edit(s) away from popular package 'cors'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.4.0

2 findings

HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@embroider/core' is 1 edit(s) away from popular package 'cors'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.3.0

2 findings

HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@embroider/core' is 1 edit(s) away from popular package 'cors'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.2.9

2 findings

HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@embroider/core' is 1 edit(s) away from popular package 'cors'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.2.8

2 findings

HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@embroider/core' is 1 edit(s) away from popular package 'cors'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.2.7

2 findings

HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@embroider/core' is 1 edit(s) away from popular package 'cors'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.2.6

2 findings

HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@embroider/core' is 1 edit(s) away from popular package 'cors'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.2.5

2 findings

HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@embroider/core' is 1 edit(s) away from popular package 'cors'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.2.4

2 findings

HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@embroider/core' is 1 edit(s) away from popular package 'cors'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.2.3

2 findings

HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@embroider/core' is 1 edit(s) away from popular package 'cors'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.2.2

2 findings

HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@embroider/core' is 1 edit(s) away from popular package 'cors'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.2.1

2 findings

HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@embroider/core' is 1 edit(s) away from popular package 'cors'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.2.0

2 findings

HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@embroider/core' is 1 edit(s) away from popular package 'cors'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.1.3

2 findings

HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@embroider/core' is 1 edit(s) away from popular package 'cors'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.1.1

2 findings

HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@embroider/core' is 1 edit(s) away from popular package 'cors'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.1.0

2 findings

HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@embroider/core' is 1 edit(s) away from popular package 'cors'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.4

2 findings

HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@embroider/core' is 1 edit(s) away from popular package 'cors'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.3

2 findings

HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@embroider/core' is 1 edit(s) away from popular package 'cors'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.5.10

2 findings

HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@embroider/core' is 1 edit(s) away from popular package 'cors'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.5.9

2 findings

HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@embroider/core' is 1 edit(s) away from popular package 'cors'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.