svelte MIT 23 versions

svelte

npm Repository Homepage

Cybernetically enhanced web apps

23

Versions

MIT

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

rich_harrisconduitrysvelte-admin

Keywords

svelteUIframeworktemplatestemplating

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:@types/estree	AI (phantom-deps): Type-only package used for TypeScript declarations; not imported at runtime. Standard pattern for TypeScript-aware packages.	ai	2026/04/21
phantom-deps	phantom-dep:@types/trusted-types	AI (phantom-deps): Type-only package used for TypeScript declarations; not imported at runtime. Standard pattern for TypeScript-aware packages.	ai	2026/04/21
semgrep	semgrep:base64-decode	AI (semgrep): Base64 decode is used in source map utilities (atob/Buffer.from) for legitimate compiler functionality, not payload obfuscation.	ai	2026/04/21
semgrep	semgrep:api-obfuscation-reflect	AI (semgrep): Reflect.get() is used in Svelte's reactive proxy implementation — standard JavaScript Proxy trap pattern, not obfuscation.	ai	2026/04/21

Versions (showing 23 of 23)

Version	Deps	Published
5.56.0	16 / 17	2026-05-29
5.55.10	16 / 15	2026-05-27
5.55.9	16 / 15	2026-05-20
5.55.8	16 / 15	2026-05-18
5.55.7	16 / 15	2026-05-14
5.55.6	16 / 15	2026-05-14
5.55.5	16 / 15	2026-04-23
5.55.4	16 / 15	2026-04-14
5.55.3	16 / 15	2026-04-10
5.55.2	16 / 15	2026-04-07
5.55.1	16 / 15	2026-03-29
5.55.0	16 / 15	2026-03-23
5.54.1	16 / 15	2026-03-21
5.54.0	16 / 15	2026-03-17
5.53.13	16 / 15	2026-03-17
5.53.12	16 / 15	2026-03-14
5.53.11	16 / 15	2026-03-12
5.53.10	16 / 15	2026-03-10
5.53.9	16 / 15	2026-03-10
5.53.8	16 / 15	2026-03-09
5.53.7	16 / 15	2026-03-03
5.53.6	16 / 15	2026-02-27
5.53.5	16 / 15	2026-02-25

v5.56.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.55.10

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.55.9

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.55.8

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.55.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.55.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.55.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.