@superblocksteam/shared
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:pino | AI (phantom-deps): pino is declared and used in config; legitimate implicit dependency for logging infrastructure. | ai | |
| phantom-deps | phantom-dep:tslib | AI (phantom-deps): tslib is a standard TypeScript runtime helper; implicit dependency from TypeScript compilation. | ai | |
| phantom-deps | phantom-dep:google-protobuf | AI (phantom-deps): google-protobuf is declared and referenced in config; legitimate implicit dependency. | ai | |
| phantom-deps | phantom-dep:@types/estree | AI (phantom-deps): TypeScript type declaration packages are commonly declared as deps without direct imports; this is standard TS practice for this package. | ai | |
| phantom-deps | phantom-dep:@types/events | AI (phantom-deps): TypeScript type declaration packages are commonly declared as deps without direct imports; this is standard TS practice for this package. | ai | |
| phantom-deps | phantom-dep:@types/esprima | AI (phantom-deps): TypeScript type declaration packages are commonly declared as deps without direct imports; this is standard TS practice for this package. | ai | |
Versions (showing 100 of 668)
| Version | Deps | Published |
|---|---|---|
| 0.9508.0 | 26 / 25 | |
| 0.9507.0 | 26 / 25 | |
| 0.9505.0 | 26 / 25 | |
| 0.9504.0 | 26 / 25 | |
| 0.9503.0 | 26 / 25 | |
| 0.9502.0 | 26 / 25 | |
| 0.9501.0 | 26 / 25 | |
| 0.9500.0 | 26 / 25 | |
| 0.9499.0 | 26 / 25 | |
| 0.9498.0 | 26 / 25 | |
| 0.9497.0 | 26 / 25 | |
| 0.9496.0 | 26 / 25 | |
| 0.9495.0 | 26 / 25 | |
| 0.9494.0 | 26 / 25 | |
| 0.9493.0 | 26 / 25 | |
| 0.9492.0 | 26 / 25 | |
| 0.9491.0 | 26 / 25 | |
| 0.9490.0 | 26 / 25 | |
| 0.9489.0 | 26 / 25 | |
| 0.9488.0 | 26 / 25 | |
| 0.9487.0 | 26 / 25 | |
| 0.9486.0 | 26 / 25 | |
| 0.9485.0 | 26 / 25 | |
| 0.9484.0 | 26 / 25 | |
| 0.9483.0 | 26 / 25 | |
| 0.9482.0 | 26 / 25 | |
| 0.9481.0 | 26 / 25 | |
| 0.9480.0 | 26 / 25 | |
| 0.9479.0 | 26 / 25 | |
| 0.9478.0 | 23 / 24 | |
| 0.9477.0 | 23 / 24 | |
| 0.9476.0 | 23 / 24 | |
| 0.9475.0 | 23 / 24 | |
| 0.9474.0 | 23 / 24 | |
| 0.9473.0 | 23 / 24 | |
| 0.9472.0 | 23 / 24 | |
| 0.9471.0 | 23 / 24 | |
| 0.9470.0 | 23 / 24 | |
| 0.9469.0 | 23 / 24 | |
| 0.9468.0 | 23 / 24 | |
| 0.9467.0 | 23 / 24 | |
| 0.9466.0 | 23 / 24 | |
| 0.9465.0 | 23 / 24 | |
| 0.9464.0 | 23 / 24 | |
| 0.9463.0 | 23 / 24 | |
| 0.9462.0 | 23 / 24 | |
| 0.9461.0 | 23 / 24 | |
| 0.9460.0 | 23 / 24 | |
| 0.9459.0 | 23 / 24 | |
| 0.9446.0 | 23 / 24 | |
| 0.9445.0 | 23 / 24 | |
| 0.9444.0 | 23 / 24 | |
| 0.9443.0 | 23 / 24 | |
| 0.9442.0 | 23 / 24 | |
| 0.9441.0 | 23 / 24 | |
| 0.9440.0 | 23 / 24 | |
| 0.9439.0 | 23 / 24 | |
| 0.9438.0 | 23 / 24 | |
| 0.9437.0 | 23 / 24 | |
| 0.9435.0 | 23 / 24 | |
| 0.9434.0 | 23 / 24 | |
| 0.9433.0 | 23 / 24 | |
| 0.9432.0 | 23 / 24 | |
| 0.9431.0 | 23 / 24 | |
| 0.9430.0 | 23 / 24 | |
| 0.9429.0 | 23 / 24 | |
| 0.9428.0 | 23 / 24 | |
| 0.9427.0 | 23 / 24 | |
| 0.9426.0 | 23 / 24 | |
| 0.9425.0 | 23 / 24 | |
| 0.9424.0 | 23 / 24 | |
| 0.9423.0 | 23 / 24 | |
| 0.9422.0 | 23 / 24 | |
| 0.9421.0 | 23 / 24 | |
| 0.9420.0 | 23 / 24 | |
| 0.9419.0 | 23 / 24 | |
| 0.9418.0 | 23 / 24 | |
| 0.9417.0 | 23 / 24 | |
| 0.9415.0 | 23 / 24 | |
| 0.9414.0 | 23 / 24 | |
| 0.9413.0 | 23 / 24 | |
| 0.9412.0 | 23 / 24 | |
| 0.9411.0 | 23 / 24 | |
| 0.9409.0 | 23 / 24 | |
| 0.9408.0 | 23 / 24 | |
| 0.9407.0 | 23 / 24 | |
| 0.9406.0 | 23 / 24 | |
| 0.9405.0 | 23 / 24 | |
| 0.9404.0 | 23 / 23 | |
| 0.9403.0 | 23 / 23 | |
| 0.9402.0 | 23 / 23 | |
| 0.9401.0 | 23 / 23 | |
| 0.9400.0 | 23 / 23 | |
| 0.9399.0 | 23 / 23 | |
| 0.9398.0 | 23 / 23 | |
| 0.9397.0 | 23 / 23 | |
| 0.9396.0 | 23 / 23 | |
| 0.9394.0 | 23 / 23 | |
| 0.9393.0 | 23 / 23 | |
| 0.9392.0 | 23 / 23 | |
v0.9503.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9491.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9476.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9470.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9445.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9424.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9417.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9402.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9393.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.