@storybook/preview-api — Greenflagged

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

ndelangenshilmantmeasdayghengeveldwinkervsbecksyannbfkylegachjreinholdkasperpeulenvalentinpalkovicdomyenstorybook-bot

Keywords

storybook

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:@storybook/channel-postmessage	AI (phantom-deps): Monorepo internal dependency; workspace-level management is standard for Storybook's structure.	ai	2026/04/24
source-diff	obfuscated-file:dist/client-api.js	AI (source-diff): Standard esbuild CJS bundle output for @storybook/preview-api; readable exports, no actual obfuscation.	ai	2026/04/24
source-diff	obfuscated-file:dist/addons.js	AI (source-diff): Standard esbuild CJS bundle output for @storybook/preview-api; readable exports, no actual obfuscation.	ai	2026/04/24
source-diff	obfuscated-file:dist/core-client.js	AI (source-diff): Standard esbuild CJS bundle output for @storybook/preview-api; readable exports, no actual obfuscation.	ai	2026/04/24
source-diff	obfuscated-file:dist/index.js	AI (source-diff): Standard esbuild CJS bundle output for @storybook/preview-api; readable exports, no actual obfuscation.	ai	2026/04/24
source-diff	obfuscated-file:dist/preview-web.js	AI (source-diff): Standard esbuild CJS bundle output for @storybook/preview-api; readable exports, no actual obfuscation.	ai	2026/04/24
source-diff	obfuscated-file:dist/store.js	AI (source-diff): Standard esbuild CJS bundle output for @storybook/preview-api; readable exports, no actual obfuscation.	ai	2026/04/24
source-diff	source-size-tripled	AI (source-diff): v7.x ships bundled dist files unlike v8.x baseline; size difference is expected across major versions.	ai	2026/04/24
source-diff	large-new-source-files	AI (source-diff): v7.x architecture bundles dist files that v8.x consolidated into @storybook/core; expected diff.	ai	2026/04/24
provenance	publisher-changed	AI (provenance): Storybook project transitioned to storybook-bot for automated publishing; bot has 12,996 approved versions across 44 packages.	ai	2026/04/24
maintainer-change	maintainer-added	AI (maintainer-change): storybook-bot is the official Storybook publishing bot; addition is a legitimate project-wide transition.	ai	2026/04/24
dependencies	unvetted-dep:@types/qs	AI (dependencies): @types/qs is a legitimate DefinitelyTyped package for the well-known 'qs' library; its use as a dependency in this bundled Storybook package is benign and stable across versions.	ai	2026/04/24
phantom-deps	phantom-dep:@types/qs	AI (phantom-deps): @types/qs is a TypeScript type definition used at compile time, not imported at runtime. Phantom dep finding is expected.	ai	2026/04/23
npm-metadata	no-description	AI (npm-metadata): Monorepo sub-package; empty description is standard practice for @storybook/* internal packages.	ai	2026/04/23
bogus-package	bogus-package	AI (bogus-package): README/description signals are false positives for @storybook monorepo sub-packages that don't need standalone docs.	ai	2026/04/23
provenance	no-provenance	AI (provenance): Storybook 7.x predates widespread provenance adoption; absence is not suspicious for this well-established package.	ai	2026/04/23

Versions (showing 67 of 167)

Hide prereleases

Version	Deps	Published
7.6.2	14 / 4	2023-11-30
7.6.1	14 / 4	2023-11-29
7.6.0	14 / 4	2023-11-28
7.5.3	14 / 5	2023-11-06
7.5.2	14 / 5	2023-10-30
7.5.1	14 / 5	2023-10-19
7.5.0	14 / 5	2023-10-17
7.4.6	14 / 5	2023-10-03
7.4.5	14 / 5	2023-09-24
7.4.4	14 / 5	2023-09-22
7.4.3	14 / 5	2023-09-20
7.4.2	14 / 5	2023-09-15
7.4.1	14 / 5	2023-09-11
7.4.0	14 / 5	2023-08-29
7.3.2	14 / 5	2023-08-18
7.3.1	14 / 5	2023-08-16
7.3.0	14 / 5	2023-08-15
7.2.3	14 / 5	2023-08-11
7.2.2	14 / 5	2023-08-09
7.2.1	14 / 5	2023-08-03
7.2.0	14 / 5	2023-08-01
7.1.1	15 / 5	2023-07-24
7.1.0	15 / 5	2023-07-18
7.0.27	15 / 5	2023-07-12
7.0.26	15 / 5	2023-07-05
7.0.25	15 / 5	2023-07-03
7.0.24	15 / 5	2023-06-27
7.0.23	15 / 5	2023-06-22
7.0.22	15 / 5	2023-06-17
7.0.21	15 / 5	2023-06-15
7.0.20	15 / 5	2023-06-08
7.0.19	15 / 5	2023-06-08
7.0.18	15 / 5	2023-05-26
7.0.17	15 / 5	2023-05-24
7.0.16	15 / 5	2023-05-24
7.0.15	15 / 5	2023-05-23
7.0.14	15 / 5	2023-05-23
7.0.13	15 / 5	2023-05-22
7.0.12	15 / 5	2023-05-15
7.0.11	15 / 5	2023-05-12
7.0.10	15 / 5	2023-05-09
7.0.9	15 / 5	2023-05-05
7.0.8	15 / 5	2023-05-03
7.0.7	15 / 5	2023-04-24
7.0.6	15 / 5	2023-04-18
7.0.5	15 / 5	2023-04-15
7.0.4	15 / 5	2023-04-12
7.0.3	15 / 5	2023-04-12
7.0.2	15 / 5	2023-04-03
7.0.1	15 / 5	2023-04-03
7.0.0	15 / 5	2023-03-31
0.0.0-pr-34011-sha-c45b0f3f	14 / 4	2026-03-06
0.0.0-pr-34011-sha-1f3f0b01	14 / 4	2026-03-04
0.0.0-pr-34009-sha-c90626e7	0 / 0	2026-03-04
0.0.0-pr-33859-sha-95913f7f	14 / 4	2026-02-17
0.0.0-pr-33859-sha-3b5f3a7d	14 / 4	2026-02-17
0.0.0-pr-33859-sha-2907ae70	14 / 4	2026-02-17
0.0.0-pr-33859-sha-13cfcf7c	14 / 4	2026-02-17
0.0.0-pr-33857-sha-9cf9d89d	0 / 0	2026-02-17
0.0.0-pr-33846-sha-e0cc7193	14 / 4	2026-02-17
0.0.0-pr-33846-sha-d3bab8e5	14 / 4	2026-02-16
0.0.0-pr-33846-sha-a9ac2fb4	14 / 4	2026-02-17
0.0.0-pr-33846-sha-6794f13b	14 / 4	2026-02-16
0.0.0-pr-33843-sha-df25ab64	0 / 0	2026-02-16
0.0.0-pr-33843-sha-b5b9b384	0 / 0	2026-02-16
0.0.0-pr-33843-sha-99db7e4e	0 / 0	2026-02-17
0.0.0-pr-33843-sha-6c2ca004	0 / 0	2026-02-16