@coko/client — Greenflagged

Client side common code for coko apps

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

yannisbarlasalexgeorg86

Keywords

coko

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:@babel/plugin-transform-class-properties	AI (phantom-deps): Babel plugins loaded by convention via config files, not direct imports — stable false positive for this package.	ai	2026/05/06
phantom-deps	phantom-dep:@babel/plugin-transform-private-property-in-object	AI (phantom-deps): Babel plugins loaded by convention via config files, not direct imports — stable false positive for this package.	ai	2026/05/06
dependencies	unvetted-dep:styled-normalize	AI (dependencies): Widely-used CSS normalization utility for styled-components; no malicious history.	ai	2026/05/06
dependencies	unvetted-dep:babel-plugin-parameter-decorator	AI (dependencies): Standard Babel decorator plugin; stable low-risk build tooling dependency.	ai	2026/05/06
semgrep	semgrep:env-bulk-read	AI (semgrep): Webpack config filters process.env for CLIENT_* prefixed vars only; documented build pattern, not exfiltration.	ai	2026/05/06
phantom-deps	phantom-dep:typescript	AI (phantom-deps): Build tooling; referenced in config files.	ai	2026/04/30
phantom-deps	phantom-dep:url-loader	AI (phantom-deps): Webpack loader referenced in config files.	ai	2026/04/30
phantom-deps	phantom-dep:@babel/core	AI (phantom-deps): Framework-scoped babel tooling; loaded by convention.	ai	2026/04/30
phantom-deps	phantom-dep:html-loader	AI (phantom-deps): Webpack loader referenced in config files.	ai	2026/04/30
phantom-deps	phantom-dep:webpack-cli	AI (phantom-deps): CLI tool referenced in scripts/config, not directly imported.	ai	2026/04/30
phantom-deps	phantom-dep:babel-loader	AI (phantom-deps): Webpack loader referenced in config files.	ai	2026/04/30
phantom-deps	phantom-dep:style-loader	AI (phantom-deps): Webpack loader referenced in config files.	ai	2026/04/30
phantom-deps	phantom-dep:graphql	AI (phantom-deps): Build/config tooling dep; loaded by webpack config convention, not direct import.	ai	2026/04/30
phantom-deps	phantom-dep:@babel/preset-react	AI (phantom-deps): Framework-scoped babel preset; loaded by convention.	ai	2026/04/30
phantom-deps	phantom-dep:babel-preset-minify	AI (phantom-deps): Babel preset referenced in config files.	ai	2026/04/30
phantom-deps	phantom-dep:babel-plugin-styled-components	AI (phantom-deps): Babel plugin referenced in config files.	ai	2026/04/30
phantom-deps	phantom-dep:@babel/plugin-transform-runtime	AI (phantom-deps): Framework-scoped babel plugin; loaded by convention.	ai	2026/04/30
phantom-deps	phantom-dep:babel-plugin-parameter-decorator	AI (phantom-deps): Babel plugin referenced in config files.	ai	2026/04/30
phantom-deps	phantom-dep:@babel/plugin-proposal-decorators	AI (phantom-deps): Framework-scoped babel plugin; loaded by convention.	ai	2026/04/30
phantom-deps	phantom-dep:@babel/plugin-transform-private-methods	AI (phantom-deps): Framework-scoped babel plugin; loaded by convention.	ai	2026/04/30
phantom-deps	phantom-dep:@babel/preset-env	AI (phantom-deps): Framework-scoped babel preset; loaded by convention.	ai	2026/04/30
phantom-deps	phantom-dep:react-is	AI (phantom-deps): Build/config tooling dep; loaded by webpack config convention.	ai	2026/04/30
phantom-deps	phantom-dep:ts-loader	AI (phantom-deps): Webpack loader referenced in config files, not directly imported.	ai	2026/04/30
phantom-deps	phantom-dep:@babel/cli	AI (phantom-deps): Framework-scoped babel tooling; loaded by convention.	ai	2026/04/30
phantom-deps	phantom-dep:css-loader	AI (phantom-deps): Webpack loader referenced in config files.	ai	2026/04/30