@embroider/macros No license 17 versions

@embroider/macros

npm Repository Homepage

17

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

nullvoxpopulisimonihmigef4rwjbluekatiegenglerreal_ate

Keywords

ember-addon

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Transition from ef4 to GitHub Actions is consistent with CI/CD automation; SLSA provenance attestation confirms integrity.	ai	2026/05/02
publish-pattern	dormant-publish	AI (publish-pattern): Dormancy followed by CI/CD-attested publish in an established monorepo package; no malicious indicators.	ai	2026/05/02
semgrep	semgrep:dynamic-require	AI (semgrep): Used to load ember-source package.json for version detection at build time; not user-controlled arbitrary module loading.	ai	2026/05/02
phantom-deps	phantom-dep:ember-cli-babel	AI (phantom-deps): ember-cli-babel is a legitimate runtime dep used via config/build tooling, not direct import; stable false positive for this package.	ai	2026/04/28

Versions (showing 17 of 17)

Version	Deps	Published
1.20.3	8 / 20	2026-05-26
1.20.2	8 / 20	2026-03-24
1.20.1	8 / 20	2026-03-04
1.20.0	8 / 20	2026-02-24
1.19.7	8 / 20	2026-02-04
1.19.6	8 / 20	2025-12-23
1.19.5	8 / 20	2025-11-26
1.19.4	8 / 20	2025-11-11
1.19.3	8 / 20	2025-11-11
1.19.2	8 / 20	2025-10-15
1.19.1	8 / 20	2025-10-02
1.19.0	8 / 20	2025-09-30
1.18.3	8 / 19	2025-09-30
1.18.2	8 / 18	2025-09-25
1.18.1	8 / 18	2025-07-22
1.18.0	8 / 18	2025-05-20
1.17.3	8 / 18	2025-05-07

v1.20.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.20.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.20.1

2 findings

HIGH Publisher changed: ef4 → GitHub Actions (on 2026-03-04) provenance

This version was published by a different npm account than previous versions on 2026-03-04. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.20.0

2 findings

HIGH Publisher changed: ef4 → GitHub Actions (on 2026-02-24) provenance

This version was published by a different npm account than previous versions on 2026-02-24. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.19.7

2 findings

HIGH Publisher changed: ef4 → GitHub Actions (on 2026-02-04) provenance

This version was published by a different npm account than previous versions on 2026-02-04. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.19.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.19.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.19.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.19.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.19.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.19.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.19.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.18.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.18.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.18.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.18.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.17.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.