@tscircuit/runframe — Greenflagged

[tscircuit](https://github.com/tscircuit/tscircuit) ⋅ [View Examples](https://runframe.vercel.app)

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

seveibar

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:@tscircuit/footprinter	AI (phantom-deps): Same-org dep referenced in config; stable pattern.	ai	2026/05/31
phantom-deps	phantom-dep:@radix-ui/react-progress	AI (phantom-deps): Config-referenced external; stable false positive for this package.	ai	2026/05/30
phantom-deps	phantom-dep:cssnano	AI (phantom-deps): CSS build tool referenced in config; not a runtime import.	ai	2026/05/18
phantom-deps	phantom-dep:jscad-fiber	AI (phantom-deps): Referenced in config/externals; stable false positive for this package.	ai	2026/05/18
phantom-deps	phantom-dep:circuit-to-svg	AI (phantom-deps): Config reference; stable false positive for this package.	ai	2026/05/18
phantom-deps	phantom-dep:comlink	AI (phantom-deps): Build/config reference, not a missing runtime import; stable pattern for this package.	ai	2026/05/18
phantom-deps	phantom-dep:schematic-symbols	AI (phantom-deps): Config reference; stable false positive for this package.	ai	2026/05/18
phantom-deps	phantom-dep:tailwindcss-animate	AI (phantom-deps): Tailwind plugin referenced in config; stable false positive.	ai	2026/05/18
phantom-deps	phantom-dep:@tscircuit/file-server	AI (phantom-deps): Same-org dep; config reference pattern, stable false positive.	ai	2026/05/18
source-diff	encoded-string-file:dist/standalone-preview.min.js	AI (source-diff): Long strings in this minified bundle are CSS animations and schematic rendering logic from the Vite build process — not obfuscated payloads. Stable false positive for this circuit visualization package.	ai	2026/04/27
source-diff	encoded-string-file:dist/standalone.min.js	AI (source-diff): Long strings in this minified bundle are CSS animations and schematic rendering logic from the Vite build process — not obfuscated payloads. Stable false positive for this circuit visualization package.	ai	2026/04/27
provenance	no-provenance	AI (provenance): Established package with 1863 versions and 17k weekly downloads; lack of provenance is consistent across all prior versions and is not a security concern here.	ai	2026/04/25

Versions (showing 51 of 1592)

View all versions

Version	Deps	Published
0.0.2071	2 / 80	2026-06-12
0.0.2070	2 / 80	2026-06-12
0.0.2069	2 / 80	2026-06-12
0.0.2068	2 / 80	2026-06-12
0.0.2067	2 / 80	2026-06-12
0.0.2066	2 / 80	2026-06-11
0.0.2065	2 / 80	2026-06-11
0.0.2064	2 / 80	2026-06-11
0.0.2063	2 / 80	2026-06-11
0.0.2062	2 / 80	2026-06-11
0.0.2061	2 / 80	2026-06-11
0.0.2060	2 / 80	2026-06-11
0.0.2059	2 / 80	2026-06-11
0.0.2058	2 / 80	2026-06-10
0.0.2057	2 / 80	2026-06-10
0.0.2056	2 / 80	2026-06-10
0.0.2055	2 / 80	2026-06-10
0.0.2054	2 / 80	2026-06-10
0.0.2053	2 / 80	2026-06-10
0.0.2052	2 / 80	2026-06-09
0.0.2051	2 / 80	2026-06-09
0.0.2050	2 / 80	2026-06-09
0.0.2049	2 / 80	2026-06-08
0.0.2048	2 / 80	2026-06-08
0.0.2047	2 / 80	2026-06-08
0.0.2046	2 / 80	2026-06-08
0.0.2045	2 / 80	2026-06-07
0.0.2044	2 / 80	2026-06-07
0.0.2043	2 / 80	2026-06-06
0.0.2042	2 / 80	2026-06-05
0.0.2041	2 / 80	2026-06-05
0.0.2040	2 / 80	2026-06-05
0.0.2039	2 / 80	2026-06-04
0.0.2038	2 / 80	2026-06-04
0.0.2037	2 / 80	2026-06-04
0.0.2036	2 / 80	2026-06-04
0.0.2035	2 / 80	2026-06-04
0.0.2034	2 / 80	2026-06-04
0.0.2033	2 / 80	2026-06-03
0.0.2032	2 / 80	2026-06-03
0.0.2031	2 / 80	2026-06-03
0.0.2030	2 / 80	2026-06-03
0.0.2029	2 / 80	2026-06-03
0.0.2028	2 / 80	2026-06-03
0.0.2027	2 / 80	2026-06-03
0.0.2026	2 / 80	2026-06-03
0.0.2025	2 / 80	2026-06-03
0.0.2024	2 / 80	2026-06-03
0.0.2023	2 / 80	2026-06-02
0.0.2022	2 / 80	2026-06-02
0.0.2021	2 / 80	2026-06-02