← Home

@darajs/ui-notifications

npm Repository Homepage

Notification system for the Dara UI Framework

3
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

krzysztof-causalens

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
provenance publisher-changed AI (provenance): Transition from human publisher to GitHub Actions CI/CD with SLSA attestation; legitimate automation migration for causalens/dara monorepo. ai
publish-pattern dormant-publish AI (publish-pattern): Dormancy explained by CI/CD pipeline migration; SLSA provenance confirms legitimate publish from the official repo. ai
dependencies unvetted-dep:@darajs/ui-utils AI (dependencies): Sibling monorepo package from the same org/repo; versioned in lockstep, not an independent risk. ai

Versions (showing 3 of 104)

Version Deps Published
1.16.11 7 / 25
1.16.10 7 / 25
1.16.9 7 / 25

v1.16.11

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.16.10

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.16.9

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.