react-joyride — Greenflagged

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

gilbarbara

reactreact-componenttooltipsjoyridewalkthroughstour

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:@gilbarbara/hooks	AI (dependencies): First-party dep from the same author (gilbarbara); stable pattern across versions.	ai	2026/04/30
dependencies	unvetted-dep:@gilbarbara/types	AI (dependencies): First-party dep from the same author (gilbarbara); stable pattern across versions.	ai	2026/04/30
dependencies	unvetted-dep:@gilbarbara/deep-equal	AI (dependencies): First-party dep from the same author (gilbarbara); stable pattern across versions.	ai	2026/04/30
dependencies	unvetted-dep:is-lite	AI (dependencies): Lightweight type-checking utility; long-standing dep in this package's ecosystem.	ai	2026/04/30
phantom-deps	phantom-dep:@gilbarbara/types	AI (phantom-deps): Types-only package; expected to appear in config/tsconfig rather than direct imports.	ai	2026/04/30

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.