@types/yoga-layout
Stub TypeScript definitions entry for yoga-layout, which provides its own types definitions
Versions: 9
License: MIT
Install Scripts: No
Provenance: Missing
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
No source commit
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
types
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | dormant-publish | AI (publish-pattern): Stub redirect packages in the @types namespace are published reactively when upstream adds bundled types; long dormancy before a stub release is expected and benign. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): The yoga-layout dependency is the entire point of this stub package — it redirects consumers to the upstream package's bundled types. Not a supply-chain risk. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Stub @types redirect packages intentionally have no code, no README instructions, and minimal metadata. All bogus-package signals are structural features of this well-known pattern. | ai | |
| phantom-deps | phantom-dep:yoga-layout | AI (phantom-deps): Stub packages declare deps for type resolution, not for direct import. Phantom-dep finding is a false positive for this package type. | ai | |
| source-diff | source-size-dropped | AI (source-diff): Source size dropping to 0 is expected — this version converts the package to a pure stub with no code files, which is the intended design. | ai | |
Versions (showing 9 of 9)
| Version | Deps | Published |
|---|---|---|
| 3.1.0 | 1 / 0 | |
| 1.9.7 | 0 / 0 | |
| 1.9.6 | 0 / 0 | |
| 1.9.5 | 0 / 0 | |
| 1.9.4 | 0 / 0 | |
| 1.9.3 | 0 / 0 | |
| 1.9.2 | 0 / 0 | |
| 1.9.1 | 0 / 0 | |
| 1.9.0 | 0 / 0 | |
v3.1.0
1 finding
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.2
1 finding
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.