@trackunit/react-form-components
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:jest-fetch-mock | AI (phantom-deps): Testing dependency; referenced in config files, stable for this package. | ai | |
| phantom-deps | phantom-dep:@storybook/react-webpack5 | AI (phantom-deps): Storybook build dependency; referenced in config, stable for this package. | ai | |
| phantom-deps | phantom-dep:@trackunit/react-test-setup | AI (phantom-deps): Internal org test setup; config reference, stable for this package. | ai | |
| dependencies | unvetted-dep:@trackunit/ui-icons | AI (dependencies): First-party @trackunit scoped package; consistent with this package's internal dependency pattern. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Internal component library; link-dump README and no keywords are typical for org-internal packages, not spam indicators. | ai | |
| dependencies | unvetted-dep:@trackunit/react-components | AI (dependencies): First-party @trackunit scoped package; consistent with this package's internal dependency pattern. | ai | |
| dependencies | unvetted-dep:@trackunit/i18n-library-translation | AI (dependencies): First-party @trackunit scoped package; consistent with this package's internal dependency pattern. | ai | |
Versions (showing 13 of 622)
| Version | Deps | Published |
|---|---|---|
| 1.3.122 | 17 / 0 | |
| 1.3.121 | 17 / 0 | |
| 1.3.120 | 17 / 0 | |
| 1.3.118 | 17 / 0 | |
| 1.3.117 | 17 / 0 | |
| 1.3.115 | 17 / 0 | |
| 1.3.114 | 17 / 0 | |
| 1.3.113 | 17 / 0 | |
| 1.3.112 | 17 / 0 | |
| 1.3.111 | 17 / 0 | |
| 1.3.110 | 17 / 0 | |
| 1.3.109 | 17 / 0 | |
| 1.3.106 | 17 / 0 | |
v1.3.122
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.3.121
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.3.120
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.3.118
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.3.117
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.3.115
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.3.114
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.3.113
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.3.112
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.3.111
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.3.110
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.3.109
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.3.106
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.