@teambit/panels
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): davidfirst is a long-standing trusted publisher (178 approved, 0 rejected) within the teambit ecosystem. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Auto-generated @teambit component packages routinely omit descriptions; stable pattern across 1500+ versions. | ai | |
| provenance | no-provenance | AI (provenance): teambit publishes hundreds of packages without provenance; consistent across the ecosystem. | ai |
Versions (showing 50 of 151)
| Version | Deps | Published |
|---|---|---|
| 0.0.1238 | 4 / 4 | |
| 0.0.1237 | 4 / 4 | |
| 0.0.1236 | 4 / 4 | |
| 0.0.1235 | 4 / 4 | |
| 0.0.1234 | 4 / 4 | |
| 0.0.1233 | 4 / 4 | |
| 0.0.1232 | 4 / 4 | |
| 0.0.1231 | 4 / 4 | |
| 0.0.1230 | 4 / 4 | |
| 0.0.1229 | 4 / 4 | |
| 0.0.1228 | 4 / 4 | |
| 0.0.1227 | 4 / 4 | |
| 0.0.1226 | 4 / 4 | |
| 0.0.1225 | 4 / 4 | |
| 0.0.1224 | 4 / 4 | |
| 0.0.1223 | 4 / 4 | |
| 0.0.1222 | 4 / 4 | |
| 0.0.1221 | 4 / 4 | |
| 0.0.1220 | 4 / 4 | |
| 0.0.1219 | 4 / 4 | |
| 0.0.1218 | 4 / 4 | |
| 0.0.1217 | 4 / 4 | |
| 0.0.1216 | 4 / 4 | |
| 0.0.1215 | 4 / 4 | |
| 0.0.1214 | 4 / 4 | |
| 0.0.1213 | 4 / 4 | |
| 0.0.1212 | 4 / 4 | |
| 0.0.1211 | 4 / 4 | |
| 0.0.1210 | 4 / 4 | |
| 0.0.1209 | 4 / 4 | |
| 0.0.1208 | 4 / 4 | |
| 0.0.1207 | 4 / 4 | |
| 0.0.1206 | 4 / 4 | |
| 0.0.1205 | 4 / 4 | |
| 0.0.1204 | 4 / 4 | |
| 0.0.1203 | 4 / 4 | |
| 0.0.1202 | 4 / 4 | |
| 0.0.1201 | 4 / 4 | |
| 0.0.1200 | 4 / 4 | |
| 0.0.1199 | 4 / 4 | |
| 0.0.1198 | 4 / 4 | |
| 0.0.1197 | 4 / 4 | |
| 0.0.1196 | 4 / 4 | |
| 0.0.1195 | 4 / 4 | |
| 0.0.1194 | 4 / 4 | |
| 0.0.1193 | 4 / 4 | |
| 0.0.1192 | 4 / 4 | |
| 0.0.1191 | 4 / 4 | |
| 0.0.1190 | 4 / 4 | |
| 0.0.1189 | 4 / 4 |
v0.0.1238
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1237
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1236
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1235
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1234
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1233
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1232
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1231
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1230
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1229
2 findingsThis version was published by a different npm account than previous versions on 2025-07-14. This could indicate a legitimate maintainer transition or an account compromise.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1228
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1227
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1226
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1225
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1224
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1223
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1222
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1221
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1220
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1219
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1218
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1217
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1216
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1215
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1214
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1213
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1212
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1211
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1210
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1209
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1208
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1207
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1206
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1205
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1204
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1203
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1202
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1201
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1200
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1199
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1198
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1197
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1196
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1195
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1194
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1193
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1192
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1191
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1190
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.1189
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.