← Home

sanity

npm Repository Homepage
10
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

sanity-svc.npmsanity-io

Keywords

cmscontentheadlessrealtimesanity

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
phantom-deps phantom-dep:refractor AI (phantom-deps): Large monorepo package; phantom-dep heuristic unreliable for bundled/re-exported deps. ai
phantom-deps phantom-dep:classnames AI (phantom-deps): Stable false positive for this package's build structure. ai
phantom-deps phantom-dep:web-vitals AI (phantom-deps): Stable false positive for this package's build structure. ai
phantom-deps phantom-dep:@date-fns/tz AI (phantom-deps): Stable false positive for this package's build structure. ai
phantom-deps phantom-dep:@dnd-kit/core AI (phantom-deps): Stable false positive for this package's build structure. ai
phantom-deps phantom-dep:@sanity/mutate AI (phantom-deps): Stable false positive for this package's build structure. ai
phantom-deps phantom-dep:react-refractor AI (phantom-deps): Stable false positive for this package's build structure. ai
phantom-deps phantom-dep:@dnd-kit/sortable AI (phantom-deps): Stable false positive for this package's build structure. ai
phantom-deps phantom-dep:@dnd-kit/modifiers AI (phantom-deps): Stable false positive for this package's build structure. ai
phantom-deps phantom-dep:@dnd-kit/utilities AI (phantom-deps): Stable false positive for this package's build structure. ai
phantom-deps phantom-dep:@portabletext/html AI (phantom-deps): Stable false positive for this package's build structure. ai
phantom-deps phantom-dep:@sanity/prism-groq AI (phantom-deps): Stable false positive for this package's build structure. ai
phantom-deps phantom-dep:@sanity/eventsource AI (phantom-deps): Stable false positive for this package's build structure. ai
phantom-deps phantom-dep:isomorphic-dompurify AI (phantom-deps): Stable false positive for this package's build structure. ai
phantom-deps phantom-dep:@portabletext/patches AI (phantom-deps): Stable false positive for this package's build structure. ai
phantom-deps phantom-dep:@portabletext/to-html AI (phantom-deps): Stable false positive for this package's build structure. ai
phantom-deps phantom-dep:@tanstack/react-table AI (phantom-deps): Stable false positive for this package's build structure. ai
phantom-deps phantom-dep:use-device-pixel-ratio AI (phantom-deps): Stable false positive for this package's build structure. ai
phantom-deps phantom-dep:@sanity/media-library-types AI (phantom-deps): Stable false positive for this package's build structure. ai
phantom-deps phantom-dep:@portabletext/plugin-one-line AI (phantom-deps): Stable false positive for this package's build structure. ai

Versions (showing 10 of 10)

Version Deps Published
5.28.0 101 / 49
5.27.0 101 / 49
5.26.0 101 / 49
5.25.1 101 / 49
5.25.0 101 / 49
5.23.0 101 / 49
5.22.0 101 / 47
5.21.0 101 / 47
5.20.0 101 / 47
5.19.0 101 / 47

v5.28.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.27.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.26.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.25.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.25.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.23.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.22.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.21.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.20.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.19.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.