element-plus No license 8 versions

element-plus

npm Repository Homepage

8

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

iamkunjeremywuuuuu

Keywords

element-pluselementcomponent libraryui frameworkuivue

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:@popperjs/core	AI (dependencies): @popperjs/core is aliased to @sxzz/popperjs-es, an ESM fork maintained by sxzz (core Element Plus maintainer). This is an intentional, documented choice stable across versions.	ai	2026/04/25
dependencies	unvetted-dep:vue-component-type-helpers	AI (dependencies): vue-component-type-helpers is a type-only utility for Vue 3 component typing, used legitimately by Element Plus for TypeScript support. Stable pattern for this package.	ai	2026/04/25
phantom-deps	phantom-dep:lodash	AI (phantom-deps): lodash is declared as a dependency and used indirectly via lodash-unified. Not directly imported in source but legitimately required at runtime. Stable pattern for Element Plus.	ai	2026/04/25
phantom-deps	phantom-dep:lodash-es	AI (phantom-deps): lodash-es is declared as a dependency and used indirectly via lodash-unified. Not directly imported in source but legitimately required at runtime. Stable pattern for Element Plus.	ai	2026/04/25
phantom-deps	phantom-dep:@types/lodash	AI (phantom-deps): Type declaration package for lodash; framework-scoped and loaded by convention. Stable false positive for this package.	ai	2026/04/25
phantom-deps	phantom-dep:@types/lodash-es	AI (phantom-deps): Type declaration package for lodash-es; framework-scoped and loaded by convention. Stable false positive for this package.	ai	2026/04/25

Versions (showing 8 of 8)

Version	Deps	Published
2.14.1	15 / 2	2026-05-29
2.14.0	15 / 2	2026-05-08
2.13.7	15 / 2	2026-04-10
2.13.1	14 / 2	2026-01-09
2.11.4	15 / 4	2025-09-26
2.11.3	15 / 4	2025-09-19
2.11.2	15 / 4	2025-09-05
2.11.1	15 / 4	2025-08-23

v2.14.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.14.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.13.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.13.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.11.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.11.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.11.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.11.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.