← Home

@shikijs/langs

npm Repository Homepage

TextMate grammars for Shiki in ESM

3
Versions
MIT
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

antfuortaoctref

Keywords

shikitextmate-grammars

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
typosquat typosquat.levenshtein:yargs AI (typosquat): @shikijs/langs is a scoped TextMate grammar package in the shiki ecosystem; string distance to 'yargs' is coincidental and not a typosquat. ai
bogus-package bogus-package AI (bogus-package): antfu (Anthony Fu) is a well-known OSS developer; inflated semver reflects monorepo extraction at v4.x; short README is normal for monorepo sub-packages. SLSA provenance confirms legitimacy. ai
dependencies unvetted-dep:@shikijs/types AI (dependencies): @shikijs/types is a sibling package in the same shikijs/shiki monorepo; dependency is expected and benign. ai

Versions (showing 3 of 3)

Version Deps Published
4.1.0 1 / 1
4.0.2 1 / 1
3.19.0 1 / 1

v4.1.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.19.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.