@portabletext/editor
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@portabletext/block-tools | AI (dependencies): First-party sibling package from the portabletext org; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:lodash.startcase | AI (phantom-deps): lodash.startcase is explicitly declared in dependencies; phantom-dep heuristic fires incorrectly here. | ai | |
| dependencies | unvetted-dep:@portabletext/patches | AI (dependencies): First-party sibling package from the same portabletext/editor monorepo. | ai | |
| dependencies | unvetted-dep:@portabletext/to-html | AI (dependencies): First-party sibling package from the same portabletext/editor monorepo. | ai | |
| dependencies | unvetted-dep:@portabletext/html | AI (dependencies): First-party sibling package from the same portabletext/editor monorepo. | ai | |
| dependencies | unvetted-dep:@portabletext/keyboard-shortcuts | AI (dependencies): First-party sibling package from the same portabletext/editor monorepo. | ai | |
| dependencies | unvetted-dep:@portabletext/markdown | AI (dependencies): First-party sibling package from the same portabletext/editor monorepo. | ai | |
| dependencies | unvetted-dep:@portabletext/schema | AI (dependencies): First-party sibling package from the same portabletext/editor monorepo. | ai |
Versions (showing 12 of 112)
| Version | Deps | Published |
|---|---|---|
| 2.21.2 | 15 / 30 | |
| 2.21.1 | 15 / 30 | |
| 2.21.0 | 15 / 30 | |
| 2.20.0 | 15 / 30 | |
| 2.19.3 | 15 / 30 | |
| 2.19.2 | 15 / 30 | |
| 2.19.1 | 15 / 30 | |
| 2.19.0 | 15 / 30 | |
| 2.18.1 | 15 / 30 | |
| 2.18.0 | 15 / 30 | |
| 2.17.2 | 15 / 30 | |
| 2.17.1 | 16 / 30 |
v2.21.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.21.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.21.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.20.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.19.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.19.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.19.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.19.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.18.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.18.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.17.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.17.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.