@teambit/version-history
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@teambit/legacy.dependency-graph | AI (dependencies): Internal @teambit monorepo sibling dep; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@teambit/legacy.constants | AI (dependencies): Internal @teambit monorepo sibling dep; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@teambit/legacy.scope-api | AI (dependencies): Internal @teambit monorepo sibling dep; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@teambit/harmony | AI (dependencies): Internal @teambit monorepo sibling dep; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@teambit/bit-error | AI (dependencies): Internal @teambit monorepo sibling dep; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@teambit/component-id | AI (dependencies): Internal @teambit monorepo sibling dep; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@teambit/legacy.scope | AI (dependencies): Internal @teambit monorepo sibling dep; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@teambit/scope.remotes | AI (dependencies): Internal @teambit monorepo sibling dep; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@teambit/legacy.consumer | AI (dependencies): Internal @teambit monorepo sibling dep; stable pattern across all versions. | ai | |
| provenance | no-provenance | AI (provenance): teambit publishes hundreds of packages without provenance; consistent across all versions. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Bit aspect packages in this monorepo consistently omit descriptions; stable false positive. | ai | |
Versions (showing 37 of 237)
| Version | Deps | Published |
|---|---|---|
| 0.0.456 | 15 / 2 | |
| 0.0.455 | 15 / 2 | |
| 0.0.453 | 15 / 2 | |
| 0.0.451 | 15 / 2 | |
| 0.0.449 | 15 / 2 | |
| 0.0.447 | 15 / 2 | |
| 0.0.446 | 15 / 2 | |
| 0.0.444 | 15 / 2 | |
| 0.0.441 | 15 / 2 | |
| 0.0.440 | 15 / 2 | |
| 0.0.439 | 15 / 2 | |
| 0.0.438 | 15 / 2 | |
| 0.0.437 | 15 / 2 | |
| 0.0.435 | 15 / 2 | |
| 0.0.434 | 15 / 2 | |
| 0.0.433 | 15 / 2 | |
| 0.0.432 | 15 / 2 | |
| 0.0.430 | 15 / 2 | |
| 0.0.429 | 15 / 2 | |
| 0.0.428 | 15 / 2 | |
| 0.0.426 | 15 / 2 | |
| 0.0.425 | 15 / 2 | |
| 0.0.423 | 15 / 2 | |
| 0.0.421 | 15 / 2 | |
| 0.0.420 | 15 / 2 | |
| 0.0.418 | 15 / 2 | |
| 0.0.416 | 15 / 2 | |
| 0.0.414 | 15 / 2 | |
| 0.0.413 | 15 / 2 | |
| 0.0.412 | 15 / 2 | |
| 0.0.410 | 15 / 2 | |
| 0.0.409 | 15 / 2 | |
| 0.0.408 | 15 / 2 | |
| 0.0.406 | 15 / 2 | |
| 0.0.405 | 15 / 2 | |
| 0.0.403 | 15 / 2 | |
| 0.0.402 | 15 / 2 | |
v0.0.456
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.455
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.453
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.451
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.449
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.447
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.446
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.444
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.441
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.440
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.439
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.438
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.437
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.435
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.434
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.433
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.432
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.430
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.429
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.428
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.426
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.425
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.423
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.421
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.420
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.418
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.416
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.414
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.413
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.412
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.410
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.409
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.408
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.406
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.405
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.403
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.402
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.