@tellescope/video-chat
Shared UI components designed with support for React and React Native in mind. To be used across Tellescope web apps and open-sourced modules.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| bogus-package | bogus-package | AI (bogus-package): Monorepo component; sparse README and missing keywords are stable for this package. | ai | |
| provenance | no-provenance | AI (provenance): Consistent across 810 versions; not a new risk for this package. | ai | |
| dependencies | unvetted-dep:amazon-chime-sdk-js | AI (dependencies): Expected core dependency for a video-chat component library built on Amazon Chime SDK. | ai | |
| dependencies | unvetted-dep:amazon-chime-sdk-component-library-react | AI (dependencies): Expected UI dependency for a Chime-based video-chat component library. | ai | |
| dependencies | unvetted-dep:@tellescope/react-components | AI (dependencies): Same-org sibling package; consistent with the @tellescope monorepo pattern. | ai | |
| phantom-deps | phantom-dep:@tellescope/sdk | AI (phantom-deps): Same-org dep; phantom signal is a false positive for this monorepo structure. | ai | |
| phantom-deps | phantom-dep:@fontsource/roboto | AI (phantom-deps): Font dep declared in dependencies; org packaging pattern. | ai | |
| phantom-deps | phantom-dep:@mui/icons-material | AI (phantom-deps): UI dep declared in dependencies; org packaging pattern. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-react | AI (phantom-deps): Dev tooling in dependencies; org packaging pattern. | ai | |
| phantom-deps | phantom-dep:eslint | AI (phantom-deps): Dev tooling listed in dependencies instead of devDependencies; stable packaging pattern for this org. | ai | |
| phantom-deps | phantom-dep:@tellescope/utilities | AI (phantom-deps): Same-org dep; false positive for monorepo structure. | ai | |
| phantom-deps | phantom-dep:@typescript-eslint/parser | AI (phantom-deps): Dev tooling in dependencies; org packaging pattern. | ai | |
| phantom-deps | phantom-dep:@typescript-eslint/eslint-plugin | AI (phantom-deps): Dev tooling in dependencies; org packaging pattern. | ai | |
| phantom-deps | phantom-dep:@tellescope/constants | AI (phantom-deps): Same-org dep; false positive for monorepo structure. | ai | |
| phantom-deps | phantom-dep:@mui/material | AI (phantom-deps): UI peer dep declared in dependencies; consistent across tellescope org packages. | ai | |
| phantom-deps | phantom-dep:styled-system | AI (phantom-deps): Styling dep declared in dependencies; org packaging pattern. | ai | |
| phantom-deps | phantom-dep:@emotion/react | AI (phantom-deps): MUI peer dep declared in dependencies; org packaging pattern. | ai | |
| phantom-deps | phantom-dep:@emotion/styled | AI (phantom-deps): MUI peer dep declared in dependencies; org packaging pattern. | ai |
v1.197.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.196.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.195.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.