← Home

@sanity/pkg-utils

npm Repository Homepage

Simple utilities for modern npm packages.

11
Versions
MIT
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

sanity-svc.npmsanity-io

Keywords

sanity-iosanitynpmpackageutilitiesbuildbundling

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
phantom-deps phantom-dep:uuid AI (phantom-deps): Declared dependency; referenced in config files, not directly imported. ai
phantom-deps phantom-dep:@babel/types AI (phantom-deps): Framework-scoped package loaded by Babel convention; stable pattern for this package. ai
phantom-deps phantom-dep:@babel/parser AI (phantom-deps): Framework-scoped package loaded by Babel convention; stable pattern for this package. ai
dependencies unvetted-dep:find-config AI (dependencies): Legitimate config-file-finding utility; appropriate for a build tool package with no known advisories. ai
dependencies unvetted-dep:@optimize-lodash/rollup-plugin AI (dependencies): Rollup plugin for lodash optimization; fits build-tool context, no known advisories. ai
phantom-deps phantom-dep:@babel/preset-typescript AI (phantom-deps): @babel/preset-typescript is a direct dependency in package.json used by the build toolchain, not a phantom dep. ai

Versions (showing 11 of 11)

Version Deps Published
10.4.18 42 / 15
10.4.17 42 / 15
10.4.16 42 / 15
10.4.15 42 / 15
10.4.6 42 / 15
10.3.0 46 / 16
10.2.3 46 / 16
10.0.0 45 / 16
9.2.1 45 / 15
9.2.0 45 / 15
9.0.2 45 / 28

v10.4.18

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v10.4.17

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v10.4.16

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v10.4.15

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v10.4.6

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v10.3.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v10.2.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v10.0.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.2.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.2.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.0.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.