@mui/material

React components that implement Google's Material Design.

Versions: 9
License: MIT
Install Scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

- SLSA provenance attestation
- npm registry signatures
- No source commit

Maintainers

diegoandai, brijeshb42, michaldudak, mnajdova, siriwatknp, mj12albert, aarongarciah, atomiks, oliviertassinari, silviuaavram, janpotoms

Keywords

react, react-component, mui, material-ui, material design

Accepted risks

Findings the reviewer chose to accept rather than block on.

| Source | Rule | Reason | Accepted by | When |
| --- | --- | --- | --- | --- |
| dependencies | unvetted-peer-dep:@mui/material-pigment-css | AI (dependencies): Optional peer dependency for CSS-in-JS; marked optional in peerDependenciesMeta, appropriate for MUI ecosystem. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): MUI maintains multiple major version branches (v7, v9, etc.). Releases on older branches will always appear dormant relative to the active branch. SLSA provenance confirms legitimate CI/CD publishing. | ai | |
| source-diff | large-new-source-files | AI (source-diff): Diff is against v9.0.0 (different major version). Cross-major diffs for a large component library naturally produce thousands of file differences; not indicative of injected code. | ai | |
| dependencies | unvetted-dep:@popperjs/core | AI (dependencies): @popperjs/core is a well-known, widely-used positioning library; a standard long-standing dependency of @mui/material with no security concerns. | ai | |
| phantom-deps | phantom-dep:@mui/core-downloads-tracker | AI (phantom-deps): Same-org MUI package used for download tracking; expected and benign for this package. | ai | |
| phantom-deps | phantom-dep:@types/react-transition-group | AI (phantom-deps): TypeScript types package declared as dependency by convention; standard pattern, no security concern. | ai | |

Versions (showing 9 of 9)

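| Version | Deps | Published |
| --- | --- | --- |
| 9.0.1 | 12 / 0 | |
| 9.0.0 | 12 / 0 | |
| 7.3.11 | 12 / 0 | |
| 7.3.10 | 12 / 0 | |
| 7.3.9 | 12 / 0 | |
| 7.3.8 | 12 / 0 | |
| 7.3.7 | 12 / 0 | |
| 7.3.6 | 12 / 0 | |
| 7.3.5 | 12 / 0 | |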

v9.0.1

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.0.0

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.3.11

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.3.10

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.3.9

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.3.8

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.3.7

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.3.6

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.3.5

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.