← Home

gatsby-plugin-manifest

npm Repository Homepage

Gatsby plugin which adds a manifest.webmanifest to make sites progressive web apps

100
Versions
MIT
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

piehkathmbeckserhalp-netlifymlgualtieri-gatsbyfktylerbarnesdaniellewgatsby

Keywords

gatsbygatsby-pluginfaviconiconsmanifest.webmanifestprogressive-web-apppwa

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
phantom-deps phantom-dep:sharp AI (phantom-deps): Sharp is a documented runtime dependency for image processing; implicit dependency is expected and stable. ai
phantom-deps phantom-dep:semver AI (phantom-deps): Semver is a declared dependency used in configuration; phantom-dep finding is a false positive for this package. ai
phantom-deps phantom-dep:gatsby-plugin-utils AI (phantom-deps): gatsby-plugin-utils is a declared dependency referenced in config; phantom-dep is expected for plugin utilities. ai
semgrep semgrep:child-process-import AI (semgrep): safe-sharp.js uses child_process for sharp binary detection — long-standing pattern in the Gatsby monorepo. ai
provenance publisher-changed AI (provenance): Gatsby project transitioned to Netlify stewardship; publisher change from pieh to serhalp-netlify is an expected organizational transition. ai
bogus-package bogus-package AI (bogus-package): Empty index.js is standard Gatsby plugin convention; mass publisher is a monorepo contributor pattern. ai
maintainer-change maintainer-added AI (maintainer-change): New maintainers (mlgualtieri-gatsby, serhalp-netlify) are Netlify-affiliated accounts consistent with Gatsby's organizational transition. ai
maintainer-change maintainer-removed AI (maintainer-change): Removal of wardpeet is part of the Gatsby→Netlify maintainer transition; not indicative of takeover. ai

Versions (showing 100 of 247)

Hide prereleases
Version Deps Published
2.4.31 4 / 4
2.4.30 4 / 4
2.4.29 4 / 4
2.4.28 4 / 4
2.4.27 4 / 4
2.4.26 4 / 4
2.4.25 4 / 4
2.4.24 4 / 4
2.4.23 4 / 4
2.4.22 4 / 4
2.4.21 4 / 4
2.4.20 4 / 4
2.4.19 4 / 4
2.4.18 4 / 4
2.4.17 4 / 4
2.4.16 4 / 4
2.4.14 4 / 4
2.4.13 4 / 4
2.4.12 4 / 4
2.4.11 4 / 4
2.4.10 4 / 4
2.4.9 4 / 4
2.4.8 4 / 4
2.4.7 4 / 4
2.4.6 4 / 4
2.4.5 4 / 4
2.4.4 4 / 4
2.4.3 4 / 4
2.4.2 4 / 4
2.4.1 4 / 4
2.4.0 4 / 4
2.3.7 4 / 4
2.3.6 4 / 4
2.3.5 4 / 4
2.3.4 4 / 4
2.3.3 4 / 4
2.3.2 4 / 4
2.3.1 4 / 4
2.3.0 4 / 4
2.2.48 4 / 4
2.2.47 4 / 4
2.2.46 4 / 4
2.2.45 4 / 4
2.2.44 4 / 4
2.2.43 4 / 4
2.2.42 4 / 4
2.2.41 4 / 4
2.2.40 4 / 4
2.2.39 4 / 4
2.2.38 4 / 4
2.2.37 4 / 4
2.2.36 4 / 4
2.2.34 4 / 4
2.2.33 4 / 4
2.2.31 4 / 4
2.2.30 4 / 4
2.2.29 4 / 4
2.2.28 4 / 4
2.2.27 4 / 4
2.2.26 4 / 4
2.2.25 4 / 4
2.2.24 4 / 4
2.2.23 4 / 4
2.2.22 4 / 4
2.2.21 4 / 4
2.2.20 4 / 4
2.2.18 4 / 4
2.2.17 4 / 4
2.2.16 4 / 4
2.2.15 4 / 4
2.2.14 4 / 4
2.2.13 4 / 4
2.2.12 4 / 4
2.2.11 4 / 4
2.2.10 4 / 4
2.2.9 4 / 4
2.2.8 4 / 4
2.2.7 4 / 4
2.2.6 4 / 4
2.2.5 4 / 4
2.2.4 4 / 4
2.2.3 3 / 4
2.2.2 3 / 4
2.2.1 3 / 4
2.2.0 3 / 4
2.1.1 3 / 4
2.1.0 2 / 4
2.0.29 2 / 4
2.0.28 2 / 4
2.0.27 2 / 4
2.0.26 3 / 4
2.0.25 3 / 4
2.0.24 3 / 4
2.0.23 3 / 4
2.0.22 3 / 4
2.0.21 3 / 4
2.0.20 3 / 4
2.0.19 3 / 4
2.0.18 3 / 4
2.0.17 3 / 4
Showing 100 of 247 Next page →