@storybook/ui — Greenflagged

Core Storybook UI

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

shilmanndelangenhypnosphitmeasdayigor-dv

Keywords

storybook

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:history	AI (phantom-deps): Phantom dependency is legitimate for this package; likely used transitively through @storybook/* dependencies.	ai	2026/04/24
phantom-deps	phantom-dep:react-lifecycles-compat	AI (phantom-deps): Phantom dependency is legitimate; used for React compatibility through transitive dependencies.	ai	2026/04/24
phantom-deps	phantom-dep:lodash.throttle	AI (phantom-deps): Phantom dependency is legitimate; used in event handling through transitive dependencies.	ai	2026/04/24
phantom-deps	phantom-dep:lodash.sortby	AI (phantom-deps): Phantom dependency is legitimate; used in data processing through transitive dependencies.	ai	2026/04/24
phantom-deps	phantom-dep:react-modal	AI (phantom-deps): Phantom dependency is legitimate; used in modal UI components through transitive dependencies.	ai	2026/04/24
phantom-deps	phantom-dep:keycode	AI (phantom-deps): Phantom dependency is legitimate; used in UI event handling through transitive dependencies.	ai	2026/04/24
phantom-deps	phantom-dep:qs	AI (phantom-deps): Declared in package.json; phantom-dep pattern is expected for Storybook monorepo packages.	ai	2026/04/24
phantom-deps	phantom-dep:telejson	AI (phantom-deps): Declared in package.json; phantom-dep pattern is expected for Storybook monorepo packages.	ai	2026/04/24
phantom-deps	phantom-dep:util-deprecate	AI (phantom-deps): Declared in package.json; phantom-dep pattern is expected for Storybook monorepo packages.	ai	2026/04/24
phantom-deps	phantom-dep:emotion-theming	AI (phantom-deps): Declared in package.json; phantom-dep pattern is expected for Storybook monorepo packages.	ai	2026/04/24
phantom-deps	phantom-dep:fast-deep-equal	AI (phantom-deps): Declared in package.json; phantom-dep pattern is expected for Storybook monorepo packages.	ai	2026/04/24
typosquat	typosquat.levenshtein:uuid	AI (typosquat): @storybook/ui is a scoped package in the official Storybook org; Levenshtein comparison to 'uuid' is a false positive with no plausible confusion.	ai	2026/04/24
typosquat	typosquat.levenshtein:qs	AI (typosquat): @storybook/ui is a scoped package in the official Storybook org; Levenshtein comparison to 'qs' is a false positive with no plausible confusion.	ai	2026/04/24
typosquat	typosquat.levenshtein:joi	AI (typosquat): @storybook/ui is a scoped package in the official Storybook org; Levenshtein comparison to 'joi' is a false positive with no plausible confusion.	ai	2026/04/24
typosquat	typosquat.levenshtein:yup	AI (typosquat): @storybook/ui is a scoped package in the official Storybook org; Levenshtein comparison to 'yup' is a false positive with no plausible confusion.	ai	2026/04/24
typosquat	typosquat.levenshtein:pg	AI (typosquat): @storybook/ui is a scoped package in the official Storybook org; Levenshtein comparison to 'pg' is a false positive with no plausible confusion.	ai	2026/04/24
phantom-deps	phantom-dep:core-js-pure	AI (phantom-deps): core-js-pure is a declared runtime dep used as part of Storybook's polyfill strategy; phantom detection is a false positive for this package.	ai	2026/04/23
phantom-deps	phantom-dep:@types/markdown-to-jsx	AI (phantom-deps): Type definitions declared as runtime dep for framework convention loading; false positive for this package.	ai	2026/04/23
phantom-deps	phantom-dep:@storybook/channels	AI (phantom-deps): Same-org Storybook package declared as a runtime dep; phantom detection is a false positive for this monorepo package.	ai	2026/04/23
phantom-deps	phantom-dep:@emotion/core	AI (phantom-deps): @emotion/core is a declared dep referenced in config/build files; standard for Storybook's theming/emotion setup.	ai	2026/04/23
provenance	no-provenance	AI (provenance): Package predates Sigstore provenance support; trusted publisher with strong track record. Not a risk signal for this package.	ai	2026/04/23

Versions (showing 100 of 244)

Version	Deps	Published
6.0.10	31 / 11	2020-08-15
6.0.9	31 / 11	2020-08-15
6.0.7	31 / 11	2020-08-14
6.0.6	31 / 11	2020-08-13
6.0.5	31 / 11	2020-08-12
6.0.4	31 / 11	2020-08-12
6.0.3	31 / 11	2020-08-12
6.0.2	31 / 11	2020-08-11
6.0.1	31 / 11	2020-08-11
6.0.0	31 / 11	2020-08-11
5.3.21	34 / 6	2020-08-28
5.3.20	34 / 6	2020-08-26
5.3.19	34 / 6	2020-05-24
5.3.18	34 / 6	2020-03-31
5.3.17	34 / 6	2020-03-14
5.3.15	34 / 6	2020-03-14
5.3.14	34 / 6	2020-02-25
5.3.13	34 / 6	2020-02-12
5.3.12	34 / 6	2020-02-04
5.3.11	34 / 6	2020-02-04
5.3.10	34 / 6	2020-02-02
5.3.9	34 / 6	2020-01-24
5.3.8	34 / 6	2020-01-21
5.3.7	34 / 6	2020-01-20
5.3.6	34 / 6	2020-01-17
5.3.5	34 / 6	2020-01-16
5.3.4	34 / 6	2020-01-16
5.3.3	34 / 6	2020-01-14
5.3.2	34 / 6	2020-01-13
5.3.1	34 / 6	2020-01-12
5.3.0	34 / 6	2020-01-11
5.2.8	33 / 6	2019-12-02
5.2.7	33 / 6	2019-11-30
5.2.6	33 / 6	2019-11-09
5.2.5	33 / 6	2019-10-22
5.2.4	33 / 6	2019-10-14
5.2.3	33 / 6	2019-10-07
5.2.2	33 / 6	2019-10-07
5.2.1	35 / 4	2019-09-17
5.2.0	35 / 4	2019-09-14
5.1.11	34 / 4	2019-08-13
5.1.10	34 / 4	2019-07-31
5.1.9	34 / 4	2019-06-20
5.1.8	31 / 4	2019-06-14
5.1.7	31 / 4	2019-06-13
5.1.5	31 / 4	2019-06-13
5.1.4	31 / 4	2019-06-13
5.1.3	31 / 3	2019-06-06
5.1.1	31 / 3	2019-06-05
5.0.11	35 / 2	2019-04-28
5.0.10	35 / 2	2019-04-18
5.0.9	35 / 2	2019-04-17
5.0.8	35 / 2	2019-04-15
5.0.7	35 / 2	2019-04-14
5.0.6	35 / 2	2019-04-01
5.0.5	35 / 2	2019-03-24
5.0.4	35 / 2	2019-03-24
5.0.3	35 / 2	2019-03-18
5.0.2	35 / 2	2019-03-17
5.0.1	35 / 2	2019-03-08
5.0.0	34 / 2	2019-03-05
4.1.18	22 / 2	2019-04-15
4.1.17	22 / 2	2019-04-15
4.1.16	22 / 2	2019-03-24
4.1.14	22 / 2	2019-03-08
4.1.13	22 / 2	2019-02-21
4.1.12	22 / 2	2019-02-18
4.1.11	22 / 2	2019-01-24
4.1.10	22 / 2	2019-01-24
4.1.9	22 / 2	2019-01-23
4.1.8	22 / 2	2019-01-23
4.1.7	22 / 2	2019-01-17
4.1.6	22 / 2	2019-01-09
4.1.5	22 / 2	2019-01-09
4.1.4	20 / 2	2018-12-25
4.1.3	20 / 2	2018-12-20
4.1.2	20 / 2	2018-12-16
4.1.1	20 / 2	2018-12-13
4.1.0	20 / 2	2018-12-12
4.0.12	20 / 2	2018-12-05
4.0.11	20 / 2	2018-12-03
4.0.10	20 / 2	2018-12-01
4.0.9	20 / 2	2018-11-25
4.0.8	20 / 2	2018-11-21
4.0.7	20 / 2	2018-11-15
4.0.6	20 / 2	2018-11-13
4.0.4	20 / 2	2018-11-06
4.0.3	20 / 2	2018-11-06
4.0.2	20 / 2	2018-10-31
4.0.1	20 / 2	2018-10-31
4.0.0	20 / 2	2018-10-29
3.4.12	21 / 2	2019-03-24
3.4.11	21 / 2	2018-09-17
3.4.10	21 / 2	2018-08-03
3.4.8	21 / 2	2018-06-21
3.4.7	21 / 2	2018-06-10
3.4.6	21 / 2	2018-05-27
3.4.5	21 / 2	2018-05-17
3.4.4	21 / 2	2018-05-12
3.4.3	21 / 2	2018-04-27

Showing 100 of 244 Next page →