@djangocfg/ui-tools — Greenflagged

Heavy React tools with lazy loading - for Electron, Vite, CRA, Next.js apps

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

markolofsen

Keywords

ui-toolsreactlazy-loadingvideo-playeraudio-playerjson-formmermaidcode-highlightgallerylightboxmapmaplibremonaco-editorcode-editor

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:src/tools/visual/design/FileIcon/icons/icon-data.ts	AI (source-diff): Auto-generated static SVG icon data module; long lines are inline SVG strings, not obfuscation. Stable pattern for this package.	ai	2026/06/01
phantom-deps	phantom-dep:@dnd-kit/sortable	AI (phantom-deps): Used via re-exports/config; stable false positive for this UI toolkit.	ai	2026/05/31
phantom-deps	phantom-dep:@types/qrcode	AI (phantom-deps): Type-only dep; not imported at runtime by design.	ai	2026/05/31
phantom-deps	phantom-dep:@tiptap/extension-bubble-menu	AI (phantom-deps): Tiptap extensions loaded via config/re-export; stable false positive.	ai	2026/05/31
phantom-deps	phantom-dep:@dnd-kit/utilities	AI (phantom-deps): Same pattern as other dnd-kit deps; stable false positive.	ai	2026/05/31
phantom-deps	phantom-dep:@dnd-kit/modifiers	AI (phantom-deps): Same pattern as other dnd-kit deps; stable false positive.	ai	2026/05/31
source-diff	obfuscated-file:src/tools/Chat/core/audio/sounds/notification.ts	AI (source-diff): Base64-encoded MP3 audio asset inlined as data URL; documented pattern, not obfuscated code.	ai	2026/05/31
source-diff	obfuscated-file:src/tools/Chat/core/audio/sounds/mention.ts	AI (source-diff): Base64-encoded MP3 audio asset inlined as data URL; documented pattern, not obfuscated code.	ai	2026/05/31
source-diff	obfuscated-file:src/tools/Chat/core/audio/sounds/received.ts	AI (source-diff): Base64-encoded MP3 audio asset inlined as data URL; documented pattern, not obfuscated code.	ai	2026/05/31
source-diff	obfuscated-file:src/tools/Chat/core/audio/sounds/start.ts	AI (source-diff): Base64-encoded MP3 audio asset inlined as data URL; documented pattern, not obfuscated code.	ai	2026/05/31
source-diff	obfuscated-file:src/tools/FileIcon/icons/icon-data.ts	AI (source-diff): Auto-generated vendored SVG icon data from material-file-icons (MIT); comment confirms provenance.	ai	2026/05/30
source-diff	obfuscated-file:src/tools/Chat/core/audio/sounds/error.ts	AI (source-diff): Base64-encoded MP3 audio asset inlined as data URL; comment and content confirm legitimate use.	ai	2026/05/30
phantom-deps	phantom-dep:wavesurfer.js	AI (phantom-deps): Same re-export/config pattern; stable false positive for this package.	ai	2026/05/14
phantom-deps	phantom-dep:vidstack	AI (phantom-deps): Declared as dependency for re-export/config use; stable pattern for this multi-tool package.	ai	2026/05/14
phantom-deps	phantom-dep:@wavesurfer/react	AI (phantom-deps): Same re-export/config pattern; stable false positive for this package.	ai	2026/05/14
phantom-deps	phantom-dep:@tiptap/pm	AI (phantom-deps): Tiptap peer dep used indirectly; stable false positive for this package.	ai	2026/05/14
phantom-deps	phantom-dep:media-icons	AI (phantom-deps): Same re-export/config pattern; stable false positive for this package.	ai	2026/05/14

Versions (showing 90 of 292)

Version	Deps	Published
2.1.190	18 / 14	2026-02-27
2.1.189	18 / 14	2026-02-27
2.1.188	18 / 14	2026-02-27
2.1.187	18 / 14	2026-02-27
2.1.186	18 / 14	2026-02-27
2.1.185	18 / 14	2026-02-26
2.1.184	18 / 14	2026-02-26
2.1.183	18 / 14	2026-02-26
2.1.182	18 / 14	2026-02-26
2.1.181	18 / 14	2026-02-26
2.1.180	18 / 14	2026-02-26
2.1.178	18 / 14	2026-02-26
2.1.177	18 / 14	2026-02-26
2.1.176	18 / 14	2026-02-25
2.1.173	18 / 14	2026-02-25
2.1.172	18 / 14	2026-02-25
2.1.171	18 / 14	2026-02-25
2.1.170	18 / 14	2026-02-20
2.1.169	18 / 14	2026-02-12
2.1.168	18 / 14	2026-02-12
2.1.167	18 / 14	2026-02-11
2.1.166	18 / 14	2026-02-11
2.1.165	18 / 14	2026-02-11
2.1.164	18 / 14	2026-02-11
2.1.163	18 / 14	2026-02-10
2.1.162	18 / 14	2026-02-10
2.1.161	17 / 14	2026-02-10
2.1.160	17 / 14	2026-02-10
2.1.159	17 / 14	2026-02-10
2.1.158	17 / 14	2026-02-10
2.1.157	17 / 14	2026-02-09
2.1.156	17 / 14	2026-02-08
2.1.155	17 / 14	2026-02-08
2.1.154	17 / 14	2026-02-08
2.1.153	17 / 14	2026-02-08
2.1.152	17 / 14	2026-02-08
2.1.151	17 / 14	2026-02-07
2.1.150	17 / 14	2026-02-07
2.1.149	17 / 14	2026-02-07
2.1.148	17 / 14	2026-02-06
2.1.147	17 / 14	2026-02-06
2.1.146	17 / 14	2026-02-06
2.1.145	17 / 14	2026-02-05
2.1.144	17 / 14	2026-02-05
2.1.143	17 / 14	2026-02-05
2.1.140	17 / 14	2026-02-05
2.1.139	17 / 14	2026-02-05
2.1.138	17 / 14	2026-02-04
2.1.137	17 / 14	2026-02-04
2.1.136	17 / 14	2026-02-04
2.1.135	17 / 14	2026-02-01
2.1.134	17 / 14	2026-02-01
2.1.133	17 / 14	2026-02-01
2.1.132	17 / 14	2026-02-01
2.1.131	17 / 14	2026-02-01
2.1.130	17 / 14	2026-01-31
2.1.129	17 / 14	2026-01-31
2.1.127	17 / 14	2026-01-31
2.1.126	17 / 14	2026-01-31
2.1.125	17 / 14	2026-01-29
2.1.124	17 / 14	2026-01-29
2.1.123	17 / 14	2026-01-29
2.1.121	17 / 14	2026-01-29
2.1.120	17 / 14	2026-01-29
2.1.119	17 / 17	2026-01-29
2.1.118	17 / 8	2026-01-24
2.1.116	17 / 8	2026-01-24
2.1.115	17 / 8	2026-01-23
2.1.114	17 / 8	2026-01-23
2.1.113	17 / 8	2026-01-23
2.1.112	17 / 8	2026-01-23
2.1.111	17 / 8	2026-01-23
2.1.110	15 / 6	2026-01-15
2.1.109	15 / 6	2026-01-15
2.1.108	15 / 6	2026-01-14
2.1.107	15 / 6	2026-01-12
2.1.106	15 / 6	2026-01-11
2.1.105	15 / 6	2026-01-07
2.1.104	15 / 6	2026-01-07
2.1.103	15 / 6	2026-01-07
2.1.102	15 / 6	2026-01-07
2.1.101	16 / 6	2026-01-07
2.1.100	16 / 6	2026-01-06
2.1.99	16 / 6	2026-01-06
2.1.97	16 / 6	2026-01-06
2.1.96	16 / 6	2026-01-06
2.1.95	16 / 6	2026-01-05
2.1.94	16 / 6	2026-01-05
2.1.92	16 / 6	2026-01-05
2.1.91	16 / 6	2026-01-03