@sanity/import No license 13 versions

@sanity/import

npm Repository Homepage

13

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

sanity-svc.npmsanity-io

Keywords

sanitycmsheadlessrealtimecontentimportndjson

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	missing-githead	AI (provenance): SLSA provenance attestation present; missing gitHead reflects CI pipeline change, not a supply chain risk for this org package.	ai	2026/05/06
maintainer-change	maintainer-added	AI (maintainer-change): Sanity.io org-level maintainer rotation; published by org service account with strong provenance attestation.	ai	2026/05/06
maintainer-change	maintainer-removed	AI (maintainer-change): Sanity.io org-level maintainer rotation; consistent with internal team changes at an established org.	ai	2026/05/06
phantom-deps	phantom-dep:@oclif/plugin-help	AI (phantom-deps): @oclif/plugin-help is declared as an oclif plugin in config, not directly imported in code — stable false positive for this package.	ai	2026/05/06

Versions (showing 13 of 13)

Version	Deps	Published
6.0.2	9 / 18	2026-05-21
6.0.1	9 / 18	2026-03-26
6.0.0	9 / 18	2026-03-20
5.0.1	12 / 20	2026-03-11
5.0.0	12 / 20	2026-03-10
4.1.3	16 / 26	2026-02-27
4.1.2	16 / 26	2026-02-19
4.1.1	16 / 26	2026-02-09
4.1.0	16 / 26	2026-01-17
4.0.4	16 / 26	2026-01-14
4.0.3	16 / 26	2026-01-07
4.0.2	16 / 26	2026-01-07
4.0.1	16 / 26	2025-12-16

v6.0.2

2 findings

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

INFO Missing gitHead — previous versions had it provenance

[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: sanity-svc.npm.

v6.0.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.0.0

2 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: sanity-svc.npm.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.0.1

2 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: sanity-svc.npm.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.0.0

2 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: sanity-svc.npm.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.1.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.1.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.1.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.1.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.