← Home

@epic-web/workshop-utils

npm Repository Homepage

Shared utilities for the Epic Workshop ecosystem.

48
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

kettanaitokentcdoddsepic-web-bot

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff obfuscated-file:dist/launch-editor.server.js AI (source-diff): File is readable source copied from CRA's launchEditor.js; long lines are editor-path maps, not obfuscation. ai
provenance publisher-changed AI (provenance): Package publishes via GitHub Actions CI with SLSA attestation; kentcdodds→GHA is the expected automated publishing transition. ai
source-diff obfuscated-file:dist/esm/launch-editor.server.js AI (source-diff): Long lines are from a large object literal (editor path map), not obfuscation; code is readable and sourced from create-react-app. ai
publish-pattern new-deps-added AI (publish-pattern): shell-quote is a well-known safe argument-quoting utility, directly used in launch-editor.server.js. ai
bogus-package bogus-package AI (bogus-package): Utility library for epicshop workshop tooling; sparse README/no keywords is a style choice, not a spam signal. ai
dependencies unvetted-dep:@types/chai AI (dependencies): TypeScript type definitions package; no runtime risk. ai
publish-pattern dormant-publish AI (publish-pattern): SLSA provenance attestation via GitHub Actions CI/CD mitigates account-takeover risk; no material changes from prior version. ai
dependencies unvetted-dep:@react-router/node AI (dependencies): Official @react-router scoped package from the React Router ecosystem; legitimate dependency. ai
phantom-deps phantom-dep:@types/chai AI (phantom-deps): Framework-scoped type package; loaded by convention. ai
phantom-deps phantom-dep:@types/chai-dom AI (phantom-deps): Framework-scoped type package; loaded by convention. ai
phantom-deps phantom-dep:react AI (phantom-deps): Workshop utils package; react is a peer/config-referenced dep, not directly imported in source. ai
phantom-deps phantom-dep:mdast-util-mdx-jsx AI (phantom-deps): MDX AST utility; used via plugin chain, not direct import. ai
phantom-deps phantom-dep:unist-util-remove-position AI (phantom-deps): Unist utility; used via plugin chain, not direct import. ai
phantom-deps phantom-dep:@react-router/node AI (phantom-deps): Config-referenced dep; stable false positive for this workshop utils package. ai
phantom-deps phantom-dep:pkgmgr AI (phantom-deps): Referenced in config files; consistent with workshop tooling pattern. ai
phantom-deps phantom-dep:rehype AI (phantom-deps): MDX/markdown processing dep used via config/plugin chain, not direct import. ai
phantom-deps phantom-dep:remark AI (phantom-deps): MDX/markdown processing dep used via config/plugin chain, not direct import. ai
phantom-deps phantom-dep:esbuild AI (phantom-deps): Known implicit runtime/binary dependency; stable false positive for this package. ai
phantom-deps phantom-dep:unified AI (phantom-deps): MDX pipeline dep; loaded by convention, not direct import. ai
phantom-deps phantom-dep:react-dom AI (phantom-deps): Config-referenced peer dep; stable false positive for this package. ai
phantom-deps phantom-dep:@mdx-js/mdx AI (phantom-deps): MDX compilation dep; used via config, not direct import. ai

Versions (showing 48 of 248)

Version Deps Published
6.17.0 49 / 5
6.16.8 48 / 4
6.16.7 48 / 4
6.16.6 48 / 4
6.16.5 48 / 4
6.16.4 48 / 4
6.16.3 48 / 4
6.16.2 48 / 4
6.16.1 48 / 4
6.16.0 48 / 4
6.15.3 48 / 4
6.15.2 48 / 4
6.15.1 48 / 4
6.15.0 48 / 4
6.14.4 47 / 4
6.14.3 47 / 4
6.14.2 47 / 4
6.14.1 47 / 4
6.14.0 47 / 4
6.13.0 47 / 4
6.12.1 47 / 4
6.12.0 47 / 4
6.11.11 47 / 4
6.11.10 47 / 4
6.11.9 47 / 4
6.11.8 47 / 4
6.11.7 47 / 4
6.11.5 47 / 4
6.11.4 47 / 4
6.11.3 47 / 4
6.11.2 47 / 4
6.11.1 47 / 4
6.11.0 47 / 4
6.10.0 47 / 4
6.9.0 47 / 4
6.8.0 47 / 4
6.7.0 47 / 4
6.6.2 47 / 4
6.6.1 47 / 4
6.6.0 47 / 4
6.5.1 47 / 4
6.5.0 47 / 4
6.4.1 47 / 4
6.4.0 47 / 4
6.3.0 47 / 4
6.2.0 47 / 4
6.1.0 47 / 4
6.0.0 47 / 4

v6.17.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.16.8

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.16.7

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.16.6

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.16.5

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.16.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.16.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.16.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.16.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.16.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.15.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.15.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.15.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.15.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.14.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.14.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.14.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.14.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.14.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.13.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.12.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.12.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.11.11

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.11.10

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.11.9

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.11.8

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.11.7

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.11.5

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.11.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.11.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.11.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.11.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.11.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.10.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.9.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.8.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.7.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.6.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.6.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.6.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.5.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.5.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.4.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.4.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.3.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.2.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.1.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.0.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.