v3.5.0+ were published without provenance attestation on npm: https://www.npmjs.com/package/react-lite-youtube-embed?activeTab=versions
Not a security issue, just a heads-up. Tools like Dependabot have started flagging when attestation disappears between versions, so downstream users may see warnings on these releases.
Worth just making sure newer versions are published with provenance.
v3.5.0+ were published without provenance attestation on npm: https://www.npmjs.com/package/react-lite-youtube-embed?activeTab=versions
Not a security issue, just a heads-up. Tools like Dependabot have started flagging when attestation disappears between versions, so downstream users may see warnings on these releases.
Worth just making sure newer versions are published with provenance.