@flarehr/apollo-customer-workplace-link
## CLI Commands
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:axios | AI (phantom-deps): Declared dependency; likely re-exported or used in config-driven patterns typical of component libraries. | ai | |
| phantom-deps | phantom-dep:goober | AI (phantom-deps): Declared dependency; CSS-in-JS library commonly used via config or indirect imports in Preact projects. | ai | |
| phantom-deps | phantom-dep:preact | AI (phantom-deps): Declared dependency; framework core often imported indirectly through JSX or preset plugins. | ai | |
| phantom-deps | phantom-dep:jwt-decode | AI (phantom-deps): Declared dependency; utility library likely used in config or indirect imports. | ai | |
| phantom-deps | phantom-dep:qrcode.react | AI (phantom-deps): Declared dependency; component library commonly used via config or indirect imports. | ai | |
| phantom-deps | phantom-dep:@headlessui/react | AI (phantom-deps): Declared dependency; UI component library commonly used via config or indirect imports. | ai | |
| phantom-deps | phantom-dep:preact-custom-element | AI (phantom-deps): Declared dependency; Preact integration library likely used via preset or indirect imports. | ai |
Versions (showing 38 of 339)
| Version | Deps | Published |
|---|---|---|
| 0.4.46304 | 7 / 16 | |
| 0.4.46288 | 7 / 16 | |
| 0.4.46191 | 7 / 16 | |
| 0.4.43725 | 7 / 16 | |
| 0.4.43615 | 7 / 16 | |
| 0.4.38936 | 7 / 16 | |
| 0.4.35609 | 7 / 16 | |
| 0.4.16030 | 7 / 16 | |
| 0.4.16018 | 7 / 16 | |
| 0.4.15860 | 7 / 16 | |
| 0.4.15859 | 7 / 16 | |
| 0.4.15850 | 7 / 16 | |
| 0.4.15849 | 7 / 16 | |
| 0.4.15615 | 7 / 16 | |
| 0.4.13728 | 7 / 16 | |
| 0.4.13726 | 7 / 16 | |
| 0.4.13709 | 7 / 16 | |
| 0.4.12675 | 7 / 16 | |
| 0.4.12656 | 7 / 16 | |
| 0.4.12619 | 7 / 16 | |
| 0.4.12502 | 7 / 16 | |
| 0.4.12487 | 7 / 16 | |
| 0.4.12418 | 7 / 16 | |
| 0.4.12394 | 7 / 16 | |
| 0.4.12292 | 7 / 16 | |
| 0.4.12290 | 7 / 16 | |
| 0.4.12100 | 7 / 16 | |
| 0.4.6760 | 7 / 16 | |
| 0.4.6586 | 7 / 16 | |
| 0.4.6581 | 7 / 16 | |
| 0.4.6179 | 7 / 16 | |
| 0.3.28241 | 7 / 16 | |
| 0.3.28207 | 7 / 16 | |
| 0.3.28201 | 7 / 16 | |
| 0.3.28127 | 7 / 16 | |
| 0.3.28126 | 7 / 16 | |
| 0.3.28104 | 7 / 16 | |
| 0.3.28077 | 7 / 16 |
v0.4.46304
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.46288
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.46191
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.43725
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.43615
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.38936
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.35609
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.16030
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.16018
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.15860
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.15859
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.15850
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.15849
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.15615
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.13728
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.13726
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.13709
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.12675
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.12656
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.12619
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.12502
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.12487
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.12418
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.12394
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.12292
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.12290
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.12100
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.28241
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.28207
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.28201
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.28127
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.28126
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.28104
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.28077
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.