@flarehr/superhero-benefits-onboarding
Flare Superhero Benefits Onboarding Component
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:axios | AI (phantom-deps): Bundled component; deps consumed at build time and shipped in dist/, not imported directly by static analysis. | ai | |
| phantom-deps | phantom-dep:preact | AI (phantom-deps): Same bundled-component pattern; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:jwt-decode | AI (phantom-deps): Same bundled-component pattern; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:fast-deep-equal | AI (phantom-deps): Same bundled-component pattern; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@heroicons/react | AI (phantom-deps): Same bundled-component pattern; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@headlessui/react | AI (phantom-deps): Same bundled-component pattern; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:preact-custom-element | AI (phantom-deps): Same bundled-component pattern; stable false positive for this package. | ai |
Versions (showing 100 of 346)
| Version | Deps | Published |
|---|---|---|
| 0.2.989 | 7 / 25 | |
| 0.2.988 | 7 / 25 | |
| 0.2.987 | 7 / 25 | |
| 0.2.986 | 7 / 25 | |
| 0.2.985 | 7 / 25 | |
| 0.2.984 | 7 / 25 | |
| 0.2.983 | 7 / 25 | |
| 0.2.982 | 7 / 25 | |
| 0.2.980 | 7 / 25 | |
| 0.2.979 | 7 / 25 | |
| 0.2.978 | 7 / 25 | |
| 0.2.977 | 7 / 25 | |
| 0.2.976 | 7 / 25 | |
| 0.2.975 | 7 / 25 | |
| 0.2.974 | 7 / 25 | |
| 0.2.973 | 7 / 25 | |
| 0.2.972 | 7 / 25 | |
| 0.2.971 | 7 / 25 | |
| 0.2.970 | 7 / 25 | |
| 0.2.969 | 7 / 25 | |
| 0.2.968 | 7 / 25 | |
| 0.2.967 | 7 / 25 | |
| 0.2.966 | 7 / 25 | |
| 0.2.965 | 7 / 25 | |
| 0.2.964 | 7 / 25 | |
| 0.2.963 | 7 / 25 | |
| 0.2.962 | 7 / 25 | |
| 0.2.961 | 7 / 25 | |
| 0.2.960 | 7 / 25 | |
| 0.2.959 | 7 / 25 | |
| 0.2.958 | 7 / 25 | |
| 0.2.957 | 7 / 25 | |
| 0.2.956 | 7 / 25 | |
| 0.2.955 | 7 / 25 | |
| 0.2.954 | 7 / 25 | |
| 0.2.953 | 7 / 25 | |
| 0.2.952 | 7 / 25 | |
| 0.2.951 | 7 / 25 | |
| 0.2.950 | 7 / 25 | |
| 0.2.949 | 7 / 25 | |
| 0.2.948 | 7 / 25 | |
| 0.2.947 | 7 / 25 | |
| 0.2.946 | 7 / 25 | |
| 0.2.944 | 7 / 25 | |
| 0.2.943 | 7 / 25 | |
| 0.2.942 | 7 / 25 | |
| 0.2.941 | 7 / 25 | |
| 0.2.940 | 7 / 25 | |
| 0.2.939 | 7 / 25 | |
| 0.2.938 | 7 / 25 | |
| 0.2.937 | 7 / 25 | |
| 0.2.936 | 7 / 25 | |
| 0.2.935 | 7 / 25 | |
| 0.2.934 | 7 / 25 | |
| 0.2.933 | 7 / 25 | |
| 0.2.932 | 7 / 25 | |
| 0.2.931 | 7 / 25 | |
| 0.2.930 | 7 / 25 | |
| 0.2.865 | 7 / 25 | |
| 0.2.864 | 7 / 25 | |
| 0.2.863 | 7 / 25 | |
| 0.2.862 | 7 / 25 | |
| 0.2.861 | 7 / 25 | |
| 0.2.860 | 7 / 25 | |
| 0.2.859 | 7 / 25 | |
| 0.2.858 | 7 / 25 | |
| 0.2.857 | 7 / 25 | |
| 0.2.856 | 7 / 25 | |
| 0.2.855 | 7 / 25 | |
| 0.2.854 | 7 / 25 | |
| 0.2.853 | 7 / 25 | |
| 0.2.852 | 7 / 25 | |
| 0.2.851 | 7 / 25 | |
| 0.2.850 | 7 / 25 | |
| 0.2.849 | 7 / 25 | |
| 0.2.848 | 7 / 25 | |
| 0.2.847 | 7 / 25 | |
| 0.2.846 | 7 / 25 | |
| 0.2.845 | 7 / 25 | |
| 0.2.844 | 7 / 25 | |
| 0.2.843 | 7 / 25 | |
| 0.2.842 | 7 / 25 | |
| 0.2.841 | 7 / 25 | |
| 0.2.840 | 7 / 25 | |
| 0.2.839 | 7 / 25 | |
| 0.2.838 | 7 / 25 | |
| 0.2.837 | 7 / 25 | |
| 0.2.836 | 7 / 25 | |
| 0.2.835 | 7 / 25 | |
| 0.2.834 | 7 / 25 | |
| 0.2.833 | 7 / 25 | |
| 0.2.832 | 7 / 25 | |
| 0.2.831 | 7 / 25 | |
| 0.2.830 | 7 / 25 | |
| 0.2.829 | 7 / 25 | |
| 0.2.828 | 7 / 25 | |
| 0.2.827 | 7 / 25 | |
| 0.2.826 | 7 / 25 | |
| 0.2.825 | 7 / 25 | |
| 0.2.824 | 7 / 25 |
v0.2.989
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.988
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.987
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.986
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.985
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.984
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.983
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.982
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.980
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.979
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.978
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.977
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.976
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.975
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.974
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.973
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.972
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.971
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.970
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.969
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.968
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.967
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.966
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.965
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.964
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.963
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.962
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.961
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.960
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.959
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.958
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.957
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.956
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.955
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.954
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.953
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.952
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.951
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.950
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.949
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.948
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.947
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.946
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.944
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.943
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.942
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.941
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.940
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.939
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.938
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.937
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.936
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.935
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.934
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.933
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.932
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.931
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.930
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.865
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.864
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.863
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.862
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.861
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.860
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.859
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.858
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.857
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.856
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.855
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.854
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.853
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.852
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.851
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.850
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.849
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.848
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.847
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.846
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.845
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.844
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.843
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.842
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.841
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.840
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.839
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.838
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.837
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.836
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.835
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.834
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.833
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.832
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.831
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.830
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.829
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.828
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.827
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.826
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.825
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.824
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.