@sap-ux/environment-check
SAP Fiori environment check
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Transition from human publisher to GitHub Actions CI/CD is confirmed by SLSA provenance attestation; expected for SAP open-ux-tools repo. | ai | |
| dependencies | unvetted-dep:@sap/bas-sdk | AI (dependencies): First-party SAP SDK; expected dependency for SAP BAS environment checks in this package. | ai | |
| provenance | no-provenance | AI (provenance): SAP UX monorepo packages consistently lack Sigstore provenance; stable false positive for this package family. | ai | |
| phantom-deps | phantom-dep:@sap-ux/ui5-config | AI (phantom-deps): @sap-ux/ui5-config is a declared dep in the same SAP monorepo; phantom-dep heuristic is a stable false positive here. | ai |
Versions (showing 39 of 139)
| Version | Deps | Published |
|---|---|---|
| 0.18.34 | 15 / 4 | |
| 0.18.33 | 15 / 4 | |
| 0.18.32 | 15 / 4 | |
| 0.18.31 | 15 / 4 | |
| 0.18.30 | 15 / 4 | |
| 0.18.29 | 15 / 4 | |
| 0.18.28 | 15 / 4 | |
| 0.18.27 | 15 / 4 | |
| 0.18.26 | 15 / 4 | |
| 0.18.25 | 15 / 4 | |
| 0.18.24 | 15 / 4 | |
| 0.18.23 | 15 / 4 | |
| 0.18.22 | 15 / 4 | |
| 0.18.21 | 15 / 4 | |
| 0.18.20 | 15 / 4 | |
| 0.18.19 | 15 / 4 | |
| 0.18.18 | 15 / 4 | |
| 0.18.17 | 15 / 4 | |
| 0.18.16 | 15 / 4 | |
| 0.18.15 | 15 / 4 | |
| 0.18.14 | 15 / 4 | |
| 0.18.13 | 15 / 4 | |
| 0.18.12 | 15 / 4 | |
| 0.18.11 | 15 / 4 | |
| 0.18.10 | 15 / 4 | |
| 0.18.9 | 15 / 4 | |
| 0.18.8 | 15 / 4 | |
| 0.18.7 | 15 / 4 | |
| 0.18.6 | 15 / 4 | |
| 0.18.5 | 15 / 4 | |
| 0.18.4 | 15 / 4 | |
| 0.18.3 | 15 / 4 | |
| 0.18.2 | 15 / 4 | |
| 0.18.1 | 15 / 4 | |
| 0.18.0 | 15 / 4 | |
| 0.17.103 | 15 / 4 | |
| 0.17.102 | 15 / 4 | |
| 0.17.101 | 15 / 4 | |
| 0.17.100 | 15 / 4 |
v0.18.34
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.18.33
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.18.32
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.18.31
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.18.30
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.18.29
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.18.28
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.18.27
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.18.26
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.18.25
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.18.24
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.18.23
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.18.22
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.18.21
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.18.20
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.18.19
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.18.18
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.18.17
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.18.16
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.18.15
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.18.14
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.18.13
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.18.12
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.18.11
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.18.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.18.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.18.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.18.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.18.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.18.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.18.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.18.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.18.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.18.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.18.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.17.103
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.17.102
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.17.101
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.17.100
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.