← Home

@darajs/ui-widgets

npm Repository Homepage

The UI widgets built on top of UI components

3
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

krzysztof-causalens

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
provenance publisher-changed AI (provenance): Transition from human publisher to GitHub Actions CI is expected for a monorepo adopting SLSA provenance; SLSA attestation confirms integrity. ai
publish-pattern dormant-publish AI (publish-pattern): Dormancy followed by CI-published release with SLSA attestation and no material changes; consistent with a legitimate release cadence change. ai
phantom-deps phantom-dep:react-dom AI (phantom-deps): Declared as runtime dep; phantom-dep heuristic false positive for config-referenced packages. ai
phantom-deps phantom-dep:lodash AI (phantom-deps): Declared as runtime dep; referenced in config files is a known heuristic false positive for this monorepo package. ai
phantom-deps phantom-dep:@darajs/ui-utils AI (phantom-deps): Same-org monorepo package; stable false positive for this package. ai
phantom-deps phantom-dep:@darajs/ui-icons AI (phantom-deps): Same-org monorepo package; stable false positive for this package. ai
phantom-deps phantom-dep:nanoid AI (phantom-deps): Declared as runtime dep; phantom-dep heuristic false positive for config-referenced packages. ai

Versions (showing 3 of 104)

Version Deps Published
1.16.11 8 / 30
1.16.10 8 / 30
1.16.9 8 / 30

v1.16.11

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.16.10

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.16.9

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.