@lobehub/ui
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | no-provenance | AI (provenance): Established high-download package; provenance absence is consistent across all prior versions. | ai | |
| dependencies | unvetted-dep:react-layout-kit | AI (dependencies): Legitimate layout utility used by this UI library; consistent across versions. | ai | |
| dependencies | unvetted-dep:@lobehub/fluent-emoji | AI (dependencies): First-party @lobehub scoped emoji package; consistent with this library's purpose. | ai | |
| phantom-deps | phantom-dep:@floating-ui/react | AI (phantom-deps): Peer/optional dep pattern common in UI component libraries; stable false positive. | ai | |
| typosquat | typosquat.levenshtein:yup | AI (typosquat): Scoped package @lobehub/ui; Levenshtein match to yup is a false positive. | ai | |
| phantom-deps | phantom-dep:uuid | AI (phantom-deps): Large UI library; deps referenced in config/re-exports are expected not to be directly imported in source. | ai | |
| phantom-deps | phantom-dep:rc-image | AI (phantom-deps): Large UI library; config-only reference is expected pattern. | ai | |
| phantom-deps | phantom-dep:emoji-mart | AI (phantom-deps): Large UI library; config-only reference is expected pattern. | ai | |
| phantom-deps | phantom-dep:query-string | AI (phantom-deps): Large UI library; config-only reference is expected pattern. | ai | |
| typosquat | typosquat.levenshtein:uuid | AI (typosquat): Scoped package @lobehub/ui; Levenshtein match to uuid is a false positive. | ai | |
| phantom-deps | phantom-dep:remark-github | AI (phantom-deps): Large UI library; config-only reference is expected pattern. | ai | |
| phantom-deps | phantom-dep:@ant-design/cssinjs | AI (phantom-deps): Large UI library; config-only reference is expected pattern. | ai | |
| phantom-deps | phantom-dep:@radix-ui/react-slot | AI (phantom-deps): Large UI library; config-only reference is expected pattern. | ai | |
| phantom-deps | phantom-dep:react-zoom-pan-pinch | AI (phantom-deps): Large UI library; config-only reference is expected pattern. | ai | |
| phantom-deps | phantom-dep:@emotion/is-prop-valid | AI (phantom-deps): Large UI library; config-only reference is expected pattern. | ai | |
| phantom-deps | phantom-dep:@mdx-js/react | AI (phantom-deps): Large UI library; config-only reference is expected pattern. | ai | |
| typosquat | typosquat.levenshtein:pg | AI (typosquat): Scoped package @lobehub/ui; Levenshtein match to pg is a false positive. | ai | |
| typosquat | typosquat.levenshtein:qs | AI (typosquat): Scoped package @lobehub/ui; Levenshtein match to qs is a false positive. | ai | |
| typosquat | typosquat.levenshtein:joi | AI (typosquat): Scoped package @lobehub/ui; Levenshtein match to joi is a false positive. | ai |
Versions (showing 100 of 244)
| Version | Deps | Published |
|---|---|---|
| 4.25.0 | 67 / 49 | |
| 4.24.0 | 67 / 49 | |
| 4.23.0 | 67 / 49 | |
| 4.22.1 | 67 / 49 | |
| 4.22.0 | 67 / 49 | |
| 4.21.3 | 67 / 49 | |
| 4.21.2 | 67 / 49 | |
| 4.21.1 | 67 / 49 | |
| 4.21.0 | 67 / 49 | |
| 4.20.1 | 66 / 49 | |
| 4.20.0 | 66 / 49 | |
| 4.19.1 | 66 / 49 | |
| 4.19.0 | 66 / 49 | |
| 4.18.1 | 66 / 49 | |
| 4.18.0 | 66 / 49 | |
| 4.17.1 | 65 / 49 | |
| 4.17.0 | 65 / 49 | |
| 4.16.0 | 65 / 49 | |
| 4.15.0 | 65 / 49 | |
| 4.14.1 | 65 / 49 | |
| 4.14.0 | 65 / 49 | |
| 4.13.1 | 65 / 49 | |
| 4.13.0 | 65 / 49 | |
| 4.12.2 | 65 / 49 | |
| 4.12.1 | 65 / 49 | |
| 4.12.0 | 65 / 49 | |
| 4.11.7 | 65 / 49 | |
| 4.11.6 | 65 / 49 | |
| 4.11.5 | 65 / 49 | |
| 4.11.4 | 65 / 49 | |
| 4.11.3 | 65 / 49 | |
| 4.11.2 | 65 / 49 | |
| 4.11.1 | 65 / 49 | |
| 4.11.0 | 65 / 49 | |
| 4.10.1 | 65 / 49 | |
| 4.10.0 | 65 / 49 | |
| 4.9.3 | 65 / 49 | |
| 4.9.2 | 65 / 49 | |
| 4.9.1 | 65 / 49 | |
| 4.9.0 | 65 / 49 | |
| 4.8.1 | 65 / 49 | |
| 4.8.0 | 65 / 49 | |
| 4.7.1 | 65 / 49 | |
| 4.7.0 | 65 / 49 | |
| 4.6.7 | 65 / 49 | |
| 4.6.6 | 65 / 49 | |
| 4.6.5 | 64 / 49 | |
| 4.6.4 | 64 / 49 | |
| 4.6.3 | 64 / 49 | |
| 4.6.2 | 64 / 49 | |
| 4.6.1 | 64 / 49 | |
| 4.6.0 | 64 / 49 | |
| 4.5.1 | 64 / 49 | |
| 4.5.0 | 64 / 49 | |
| 4.4.5 | 63 / 49 | |
| 4.4.4 | 63 / 49 | |
| 4.4.3 | 63 / 49 | |
| 4.4.2 | 63 / 49 | |
| 4.4.1 | 63 / 49 | |
| 4.4.0 | 63 / 49 | |
| 4.3.13 | 63 / 49 | |
| 4.3.12 | 63 / 49 | |
| 4.3.11 | 63 / 49 | |
| 4.3.10 | 63 / 49 | |
| 4.3.9 | 63 / 49 | |
| 4.3.8 | 63 / 49 | |
| 4.3.7 | 63 / 49 | |
| 4.3.6 | 63 / 49 | |
| 4.3.5 | 63 / 49 | |
| 4.3.4 | 63 / 49 | |
| 4.3.3 | 63 / 49 | |
| 4.3.2 | 62 / 49 | |
| 4.3.1 | 62 / 49 | |
| 4.3.0 | 62 / 49 | |
| 4.2.2 | 62 / 49 | |
| 4.2.1 | 62 / 49 | |
| 4.2.0 | 62 / 49 | |
| 4.1.9 | 62 / 49 | |
| 4.1.8 | 62 / 49 | |
| 4.1.7 | 62 / 49 | |
| 4.1.6 | 62 / 49 | |
| 4.1.5 | 62 / 49 | |
| 4.1.4 | 62 / 49 | |
| 4.1.3 | 62 / 49 | |
| 4.1.2 | 64 / 47 | |
| 4.1.1 | 64 / 48 | |
| 4.1.0 | 64 / 48 | |
| 4.0.0 | 64 / 48 | |
| 3.4.6 | 64 / 48 | |
| 3.4.5 | 64 / 48 | |
| 3.4.4 | 64 / 48 | |
| 3.4.3 | 64 / 48 | |
| 3.4.2 | 64 / 48 | |
| 3.4.1 | 64 / 48 | |
| 3.4.0 | 64 / 48 | |
| 3.3.5 | 64 / 48 | |
| 3.3.4 | 64 / 48 | |
| 3.3.3 | 64 / 48 | |
| 3.3.2 | 64 / 48 | |
| 3.3.1 | 65 / 48 |
v4.25.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.24.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.23.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.22.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.22.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.21.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.21.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.21.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.21.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.20.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.20.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.19.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.19.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.18.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.18.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.17.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.17.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.16.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.15.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.14.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.14.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.13.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.13.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.12.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.12.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.12.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.11.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.11.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.11.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.11.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.11.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.11.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.11.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.11.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.10.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.10.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.9.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.9.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.9.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.9.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.8.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.8.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.7.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.7.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.6.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.6.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.6.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.6.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.6.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.6.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.6.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.6.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.5.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.5.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.4.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.4.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.4.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.4.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.4.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.4.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.3.13
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.3.12
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.3.11
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.3.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.3.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.3.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.3.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.3.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.3.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.3.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.3.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.3.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.3.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.3.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.2.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.2.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.2.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.1.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.1.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.1.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.1.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.1.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.1.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.1.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.1.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.1.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.1.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.0.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.4.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.4.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.4.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.4.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.4.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.4.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.4.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.3.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.3.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.3.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.3.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.3.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.