@splunk/dashboard-editors

Editors for dashboard data sources, layouts, drilldowns, tokens, and configuration

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

stsuisplunk-tlisplunkerdexa187kova71aprunedadanielsplunkrhesplunk_dashboard_publishercodycoats_splunksplunk-observability-instrumentationdraghunathanjreichardtxhu

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:@types/react	AI (phantom-deps): Type-only dep; never directly imported at runtime. Stable FP for this package.	ai	2026/06/11
phantom-deps	phantom-dep:@splunk/visualization-icons	AI (phantom-deps): Same org scope; likely consumed transitively through bundled output.	ai	2026/06/11
phantom-deps	phantom-dep:@splunk/visualization-themes	AI (phantom-deps): Same org scope; likely consumed transitively through bundled output.	ai	2026/06/11
phantom-deps	phantom-dep:@splunk/visualization-context	AI (phantom-deps): Same org scope; likely consumed transitively through bundled output.	ai	2026/06/11
phantom-deps	phantom-dep:@splunk/visualizations-shared	AI (phantom-deps): Same org scope; likely consumed transitively through bundled output.	ai	2026/06/11
phantom-deps	phantom-dep:@splunk/visualization-encoding	AI (phantom-deps): Same org scope; likely consumed transitively through bundled output.	ai	2026/06/11
phantom-deps	phantom-dep:@splunk/visualization-color-palettes	AI (phantom-deps): Same org scope; likely consumed transitively through bundled output.	ai	2026/06/11
phantom-deps	phantom-dep:@splunk/dashboard-telemetry	AI (phantom-deps): Same org scope; stable FP for this bundled package.	ai	2026/06/11
dependencies	unvetted-dep:@splunk/splunk-utils	AI (dependencies): Splunk first-party sibling dep; publisher track record is clean.	ai	2026/05/24
dependencies	unvetted-dep:@splunk/react-time-range	AI (dependencies): Splunk first-party sibling dep; publisher track record is clean.	ai	2026/05/24
bogus-package	bogus-package	AI (bogus-package): Internal enterprise package; sparse public metadata is expected for Splunk's private ecosystem.	ai	2026/05/24
dependencies	unvetted-dep:@splunk/time-range-utils	AI (dependencies): Splunk first-party sibling dep; publisher track record is clean.	ai	2026/05/24
phantom-deps	phantom-dep:memoize-one	AI (phantom-deps): Common false positive for bundled packages that reference deps in config only.	ai	2026/05/24
phantom-deps	phantom-dep:@splunk/time-range-utils	AI (phantom-deps): Splunk sibling dep; phantom-dep heuristic unreliable for bundled packages.	ai	2026/05/24
phantom-deps	phantom-dep:prop-types	AI (phantom-deps): Common false positive for bundled packages that reference deps in config only.	ai	2026/05/24
dependencies	unvetted-dep:@splunk/moment	AI (dependencies): Splunk first-party sibling dep; publisher track record is clean.	ai	2026/05/24
dependencies	unvetted-dep:@splunk/themes	AI (dependencies): Splunk first-party sibling dep; publisher track record is clean.	ai	2026/05/24
dependencies	unvetted-dep:@splunk/react-ui	AI (dependencies): Splunk first-party sibling dep; publisher track record is clean.	ai	2026/05/24
dependencies	unvetted-dep:@splunk/ui-utils	AI (dependencies): Splunk first-party sibling dep; publisher track record is clean.	ai	2026/05/24
dependencies	unvetted-dep:@splunk/react-icons	AI (dependencies): Splunk first-party sibling dep; publisher track record is clean.	ai	2026/05/24
dependencies	unvetted-dep:@splunk/dashboard-ui	AI (dependencies): Splunk first-party sibling dep; publisher track record is clean.	ai	2026/05/24
dependencies	unvetted-dep:@splunk/react-search	AI (dependencies): Splunk first-party sibling dep; publisher track record is clean.	ai	2026/05/24