@storybook/core-common — Greenflagged

Storybook framework-agnostic API

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

ndelangenshilmantmeasdayghengeveldwinkervsbecksyannbfkylegachjreinholdkasperpeulenvalentinpalkovicdomyenstorybook-bot

Keywords

storybook

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:glob	AI (phantom-deps): glob is a legitimate dependency referenced in config files; normal for build tooling packages.	ai	2026/04/24
dependencies	unvetted-dep:handlebars	AI (dependencies): Handlebars is a well-known templating library used by Storybook for template rendering; legitimate dependency.	ai	2026/04/24
source-diff	obfuscated-file:dist/index.js	AI (source-diff): dist/index.js is standard esbuild-bundled output for this Storybook package; long lines are minified but readable JS, not obfuscation. Stable pattern for this package.	ai	2026/04/24
source-diff	obfuscated-file:dist/index.mjs	AI (source-diff): dist/index.mjs is standard esbuild-bundled ESM output; imports and exports are clearly readable Storybook internals. Not obfuscation.	ai	2026/04/24
source-diff	source-size-tripled	AI (source-diff): Size increase is due to cross-major-version diff (v7 vs v8) and addition of previously-bundled deps as explicit dependencies. Not a payload injection.	ai	2026/04/24
provenance	no-provenance	AI (provenance): Established Storybook core package with strong publisher track record; lack of provenance attestation is not a meaningful risk signal here.	ai	2026/04/24
dependencies	unvetted-dep:prettier-fallback	AI (dependencies): prettier-fallback is an npm alias for prettier@^3, a documented Storybook pattern for multi-version prettier support. No risk.	ai	2026/04/24
semgrep	semgrep:child-process-import	AI (semgrep): child_process usage is in a build-time bundler pre-script (generate-sb-packages-versions.js), not runtime code. Standard pattern for Storybook's monorepo build tooling.	ai	2026/04/24
phantom-deps	phantom-dep:@types/node	AI (phantom-deps): @types/node is a framework-scoped type package legitimately shipped as a dependency for Node.js type resolution; stable false positive.	ai	2026/04/23
phantom-deps	phantom-dep:pretty-hrtime	AI (phantom-deps): pretty-hrtime is referenced in config files as documented; stable false positive for this package.	ai	2026/04/23
phantom-deps	phantom-dep:@types/pretty-hrtime	AI (phantom-deps): Type package legitimately shipped for TypeScript consumers; stable false positive.	ai	2026/04/23
phantom-deps	phantom-dep:@types/node-fetch	AI (phantom-deps): Type package for node-fetch, legitimately shipped for TypeScript consumers; stable false positive.	ai	2026/04/23
phantom-deps	phantom-dep:@types/find-cache-dir	AI (phantom-deps): Type package legitimately shipped for TypeScript consumers; stable false positive.	ai	2026/04/23
phantom-deps	phantom-dep:esbuild	AI (phantom-deps): esbuild is a documented runtime/binary dependency for Storybook's build tooling; phantom detection is a stable false positive for this package.	ai	2026/04/23

Versions (showing 51 of 179)

Show 16 prereleases View all versions

Version	Deps	Published
8.6.18	0 / 0	2026-03-06
8.6.17	0 / 0	2026-02-18
8.6.16	0 / 0	2026-02-17
8.6.15	0 / 0	2025-12-17
8.6.14	0 / 0	2025-05-16
8.6.13	0 / 0	2025-05-16
8.6.12	0 / 0	2025-04-02
8.6.11	0 / 0	2025-03-28
8.6.10	0 / 0	2025-03-26
8.6.9	0 / 0	2025-03-24
8.6.8	0 / 0	2025-03-22
8.6.7	0 / 0	2025-03-17
8.6.6	0 / 0	2025-03-15
8.6.5	0 / 0	2025-03-14
8.6.4	0 / 0	2025-03-05
8.6.3	0 / 0	2025-03-01
8.6.2	0 / 0	2025-02-27
8.6.1	0 / 0	2025-02-27
8.6.0	0 / 0	2025-02-25
8.5.8	0 / 0	2025-02-19
8.5.7	0 / 0	2025-02-18
8.5.6	0 / 0	2025-02-14
8.5.5	0 / 0	2025-02-12
8.5.4	0 / 0	2025-02-11
8.5.3	0 / 0	2025-02-01
8.5.2	0 / 0	2025-01-27
8.5.1	0 / 0	2025-01-23
8.5.0	0 / 0	2025-01-15
8.4.7	0 / 0	2024-12-05
8.4.4	0 / 0	2024-11-14
8.4.3	0 / 0	2024-11-13
8.4.2	0 / 0	2024-11-05
8.4.1	0 / 0	2024-11-01
8.4.0	0 / 0	2024-10-31
8.3.7	0 / 0	2024-11-04
8.3.6	0 / 0	2024-10-18
8.3.5	0 / 0	2024-10-04
8.3.4	0 / 0	2024-09-28
8.3.3	0 / 0	2024-09-24
8.3.2	0 / 0	2024-09-19
8.3.1	0 / 0	2024-09-16
8.3.0	0 / 0	2024-09-11
8.2.10	0 / 0	2024-11-04
8.2.9	0 / 0	2024-08-13
8.2.8	0 / 0	2024-08-07
8.2.7	0 / 0	2024-08-01
8.2.6	0 / 0	2024-07-24
8.2.5	0 / 0	2024-07-19
8.2.4	0 / 0	2024-07-16
8.2.3	0 / 0	2024-07-15
8.2.2	0 / 0	2024-07-11