vanilla-picker
A simple, easy to use vanilla JS color picker with alpha selection.
Versions: 34
License: ISC
Install Scripts: No
Provenance: Missing
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
gitHead linked
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
sphinxxxx
Keywords
ux, ui, color, colour, picker, vanilla, vanilla-js, color picker, color-picker, colorpicker, rgb, rgba, hsl, hsla, hex, alpha
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/vanilla-picker.mjs | AI (source-diff): The .mjs file is readable ES module source; long lines are caused by an inline SVG data URI (BG_TRANSP) and bundled color name data, not obfuscation. False positive for this package. | ai | |
| source-diff | encoded-string-file:dist/vanilla-picker.js | AI (source-diff): The long encoded string is a base64-encoded CSS color name lookup table — a standard space-saving technique in color libraries. Not malicious. | ai | |
| source-diff | encoded-string-file:dist/vanilla-picker.min.js | AI (source-diff): Same color name lookup table in the minified build artifact. Expected for this color picker library. | ai | |
| provenance | no-provenance | AI (provenance): Established package (2977 days old, 36 versions) from a known publisher; lack of Sigstore provenance is common and not a risk signal here. | ai | |
| dependencies | unvetted-dep:drag-tracker | AI (dependencies): drag-tracker is a legitimate drag-interaction utility appropriate for a color picker; authored under the same sphinxxxx namespace as this package. | ai | |
| dependencies | unvetted-dep:@sphinxxxx/color-conversion | AI (dependencies): This is the same author's own scoped package (@sphinxxxx matches publisher sphinxxxx), a natural and expected dependency for a color picker library. Stable false positive for this package. | ai | |
Versions (showing 34 of 34)
| Version | Deps | Published |
|---|---|---|
| 2.12.3 | 1 / 21 | |
| 2.12.2 | 1 / 21 | |
| 2.12.1 | 1 / 21 | |
| 2.12.0 | 1 / 21 | |
| 2.11.2 | 1 / 21 | |
| 2.11.1 | 1 / 21 | |
| 2.11.0 | 1 / 21 | |
| 2.10.1 | 1 / 21 | |
| 2.10.0 | 1 / 21 | |
| 2.9.2 | 1 / 21 | |
| 2.9.1 | 1 / 20 | |
| 2.9.0 | 1 / 20 | |
| 2.8.2 | 1 / 20 | |
| 2.8.1 | 2 / 19 | |
| 2.8.0 | 2 / 19 | |
| 2.7.2 | 2 / 19 | |
| 2.7.1 | 2 / 19 | |
| 2.7.0 | 2 / 17 | |
| 2.6.0 | 2 / 17 | |
| 2.5.3 | 2 / 17 | |
| 2.5.2 | 2 / 17 | |
| 2.5.1 | 2 / 17 | |
| 2.5.0 | 2 / 17 | |
| 2.4.3 | 2 / 17 | |
| 2.4.2 | 2 / 17 | |
| 2.4.1 | 2 / 17 | |
| 2.4.0 | 2 / 17 | |
| 2.3.0 | 2 / 16 | |
| 2.2.1 | 2 / 16 | |
| 2.2.0 | 2 / 16 | |
| 2.1.0 | 2 / 16 | |
| 2.0.2 | 2 / 16 | |
| 2.0.1 | 2 / 16 | |
| 2.0.0 | 2 / 16 | |