@fad-producto-portal/ng-fad-requisition-data
The `@fad-producto-portal/ng-fad-requisition-data` package provides a set of standalone Angular components specifically designed to work with requisition-related data. These components are tailored for integration within the FAD Portal ecosystem and offer
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | no-provenance | AI (provenance): No CI/CD provenance is common for this publisher's Angular library suite; not a security risk on its own. | ai | |
| phantom-deps | phantom-dep:tslib | AI (phantom-deps): tslib is a standard Angular/TypeScript implicit runtime dep; not directly imported by design. | ai | |
| phantom-deps | phantom-dep:@types/qrcode | AI (phantom-deps): Type-only package loaded by framework convention; not directly imported is expected. | ai | |
| phantom-deps | phantom-dep:angularx-qrcode | AI (phantom-deps): Referenced in config files per analyzer note; Angular module loading pattern, not a real phantom dep. | ai |
v1.1.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.