@storybook/test — Greenflagged

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

ndelangenshilmantmeasdayghengeveldwinkervsbecksyannbfkylegachjreinholdkasperpeulenvalentinpalkovicdomyenstorybook-bot

Keywords

storybook

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:@types/chai	AI (dependencies): @types/chai is a well-known DefinitelyTyped package with millions of downloads; no real risk for this package.	ai	2026/04/24
phantom-deps	phantom-dep:@types/chai	AI (phantom-deps): Type-only dependency loaded by convention; not directly imported in runtime code. Expected pattern for TypeScript packages.	ai	2026/04/24
publish-pattern	rapid-publish	AI (publish-pattern): Storybook is a large monorepo that publishes many packages simultaneously via CI. Rapid successive publishes are expected and normal for this package.	ai	2026/04/24
provenance	publisher-changed	AI (provenance): shilman is a long-standing Storybook core maintainer; publisher rotations within the Storybook team are expected and not indicative of compromise.	ai	2026/04/24
publish-pattern	new-deps-added	AI (publish-pattern): @storybook/global is a first-party Storybook org package; adding intra-org deps is routine for this monorepo.	ai	2026/04/24
phantom-deps	phantom-dep:@storybook/csf	AI (phantom-deps): Same-org scope phantom dep in a monorepo sub-package; @storybook/csf is a legitimate Storybook dependency used indirectly.	ai	2026/04/24
phantom-deps	phantom-dep:@storybook/preview-api	AI (phantom-deps): Same-org dependency within the Storybook monorepo; phantom-dep detection is a known false positive for intra-monorepo packages.	ai	2026/04/24
typosquat	typosquat.levenshtein:jest	AI (typosquat): @storybook/test is the official Storybook testing utility, not a typosquat of jest. Scoped under the legitimate @storybook org with 764 versions and a trusted publisher.	ai	2026/04/24
typosquat	typosquat.levenshtein:next	AI (typosquat): @storybook/test is the official Storybook testing utility, not a typosquat of next. Levenshtein match is algorithmic noise for this well-established scoped package.	ai	2026/04/24
typosquat	typosquat.levenshtein:vitest	AI (typosquat): @storybook/test intentionally wraps @vitest/expect and @vitest/spy — similarity to vitest is by design, not impersonation.	ai	2026/04/24
phantom-deps	phantom-dep:chai	AI (phantom-deps): chai is a declared dependency explicitly listed in bundler.noExternal, meaning it is bundled into the dist output rather than directly imported at source level.	ai	2026/04/24
phantom-deps	phantom-dep:@storybook/core-events	AI (phantom-deps): Same-org dependency within the Storybook monorepo; phantom-dep detection is a known false positive for intra-monorepo packages.	ai	2026/04/24
dependencies	unvetted-dep:@storybook/global	AI (dependencies): @storybook/global is a first-party Storybook package from the same org/monorepo; not a third-party risk. Stable accept for this package.	ai	2026/04/23
npm-metadata	no-description	AI (npm-metadata): Empty description is a known pattern in some Storybook monorepo packages; all other metadata (repo, homepage, license, keywords) is present and correct.	ai	2026/04/23

Versions (showing 100 of 103)

Show 16 prereleases

Version	Deps	Published
8.6.18	7 / 5	2026-03-06
8.6.17	7 / 5	2026-02-18
8.6.16	7 / 5	2026-02-17
8.6.15	7 / 5	2025-12-17
8.6.14	7 / 5	2025-05-16
8.6.13	7 / 5	2025-05-16
8.6.12	7 / 5	2025-04-02
8.6.11	7 / 5	2025-03-28
8.6.10	7 / 5	2025-03-26
8.6.9	7 / 5	2025-03-24
8.6.8	7 / 5	2025-03-22
8.6.7	7 / 5	2025-03-17
8.6.6	7 / 5	2025-03-15
8.6.5	7 / 5	2025-03-14
8.6.4	7 / 5	2025-03-05
8.6.3	7 / 5	2025-03-01
8.6.2	7 / 5	2025-02-27
8.6.1	7 / 5	2025-02-27
8.6.0	7 / 5	2025-02-25
8.5.8	8 / 5	2025-02-19
8.5.7	8 / 5	2025-02-18
8.5.6	8 / 5	2025-02-14
8.5.5	8 / 5	2025-02-12
8.5.4	8 / 5	2025-02-11
8.5.3	8 / 5	2025-02-01
8.5.2	8 / 5	2025-01-27
8.5.1	8 / 5	2025-01-23
8.5.0	8 / 5	2025-01-15
8.4.7	8 / 5	2024-12-05
8.4.6	8 / 5	2024-11-29
8.4.5	8 / 5	2024-11-20
8.4.4	8 / 5	2024-11-14
8.4.3	8 / 5	2024-11-13
8.4.2	8 / 5	2024-11-05
8.4.1	8 / 5	2024-11-01
8.4.0	8 / 5	2024-10-31
8.3.7	9 / 5	2024-11-04
8.3.6	9 / 5	2024-10-18
8.3.5	9 / 5	2024-10-04
8.3.4	9 / 5	2024-09-28
8.3.3	9 / 5	2024-09-24
8.3.2	9 / 5	2024-09-19
8.3.1	9 / 5	2024-09-16
8.3.0	9 / 5	2024-09-11
8.2.10	8 / 5	2024-11-04
8.2.9	8 / 5	2024-08-13
8.2.8	8 / 5	2024-08-07
8.2.7	8 / 5	2024-08-01
8.2.6	8 / 5	2024-07-24
8.2.5	8 / 5	2024-07-19
8.2.4	8 / 5	2024-07-16
8.2.3	8 / 5	2024-07-15
8.2.2	8 / 5	2024-07-11
8.2.1	8 / 5	2024-07-10
8.2.0	8 / 5	2024-07-10
8.1.11	10 / 5	2024-06-27
8.1.10	10 / 5	2024-06-17
8.1.9	10 / 5	2024-06-13
8.1.8	10 / 5	2024-06-13
8.1.7	10 / 5	2024-06-12
8.1.6	10 / 5	2024-06-05
8.1.5	10 / 5	2024-05-30
8.1.4	10 / 5	2024-05-27
8.1.3	10 / 5	2024-05-23
8.1.2	10 / 5	2024-05-21
8.1.1	10 / 5	2024-05-15
8.1.0	10 / 5	2024-05-14
8.0.10	10 / 4	2024-05-05
8.0.9	10 / 4	2024-04-22
8.0.8	11 / 3	2024-04-11
8.0.7	11 / 3	2024-04-11
8.0.6	11 / 3	2024-04-05
8.0.5	11 / 3	2024-03-28
8.0.4	11 / 3	2024-03-21
8.0.3	11 / 3	2024-03-21
8.0.2	11 / 3	2024-03-19
8.0.1	11 / 3	2024-03-18
8.0.0	11 / 3	2024-03-11
7.6.24	12 / 3	2026-03-06
7.6.23	12 / 3	2026-02-18
7.6.22	12 / 3	2026-02-17
7.6.21	12 / 3	2025-12-17
7.6.20	12 / 3	2024-06-24
7.6.19	12 / 3	2024-05-01
7.6.18	12 / 3	2024-04-23
7.6.17	12 / 3	2024-02-20
7.6.16	12 / 3	2024-02-15
7.6.15	12 / 3	2024-02-13
7.6.14	12 / 3	2024-02-10
7.6.13	12 / 3	2024-02-06
7.6.12	12 / 3	2024-01-31
7.6.11	12 / 3	2024-01-30
7.6.10	12 / 3	2024-01-18
7.6.9	12 / 3	2024-01-17
7.6.8	12 / 3	2024-01-12
7.6.7	12 / 3	2024-01-01
7.6.6	12 / 3	2023-12-19
7.6.5	12 / 3	2023-12-15
7.6.4	12 / 3	2023-12-07
7.6.3	12 / 3	2023-12-01

Showing 100 of 103 Next page →