← Home

@sanity/ui-workshop

npm Repository Homepage

An environment for designing, reviewing, and quality-testing React components.

4
Versions
MIT
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

kmelvebjoergerexxarsskogsmaskintoninamattcraigjoneidejohnsenrubiozrobinpyonmariuslundgardsanity-ioevenwradhe_sanityrbottendanielsgrovesjudofyrryanblockobliadpdcilkemadkenfredcarlsenhermanwtambetsgulsethatombendersimeonsanitystipsansnorreebrankersrdunkmichael-sanityvincentquigleyritasdiaskenjonespizzajosh_sanity_iocngonzalez-sanityjjburbridgetdfka_rickryanbonial-sanityindrek.karnerashsergeisarvirorefiitodrewsanitykaspar.lippmaa.sanitydamsimen.svaletbesedadaniel.malmerjordanl17colepetersarmandocernajoan_miralles_paezchristianhgpedro-sanityjwoods-sanitytiit.kass.saitybinoy14pauloborgesfaushachrislarocquesanityrostimelkmattlewine.sanitymsfragalaadoprogtonysanitybetsongeorgedoescodemacdonsteoinsanitydashedstripesjmswrnrsnocorp_sanitymmgjfilmajsamhemgu-stavpatricksanitymads.mogenshojsanitytomsanity-cbsanitykevvictor.ayoguryanbethel_sanitybrianlerouxjohnsicilip10ekrlundjonahsnidermwrittertorbratsbergsanityevelinawahlstromjw-sanitybobinska.devoleg1357josef-sanitygabe.wyattkbrabrandannez-sanity

Keywords

sanityuidesigndesign systemprototypingtestingqa

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
semgrep semgrep:base64-decode AI (semgrep): atob polyfill for Node.js environments; not decoding hidden payloads. ai
semgrep semgrep:dynamic-require AI (semgrep): Config-file loader pattern; resolves user-supplied config path, not arbitrary remote code. ai
phantom-deps phantom-dep:esbuild AI (phantom-deps): esbuild is a known implicit binary dependency for build tooling; stable pattern for this package. ai
phantom-deps phantom-dep:@vanilla-extract/css AI (phantom-deps): Referenced in config files as documented; not a real phantom dep concern. ai
phantom-deps phantom-dep:@vanilla-extract/css-utils AI (phantom-deps): Referenced in config files as documented; not a real phantom dep concern. ai

Versions (showing 4 of 4)

Version Deps Published
3.4.0 21 / 35
3.2.0 18 / 40
3.0.1 17 / 40
3.0.0 17 / 39

v3.4.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.2.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.