@adyen/adyen-salesforce-pwa
This NPM package enables you to go live fast with payments with Adyen as a payment service provider when building your Salesforce PWA Retail application.
Supply chain provenance
Status for the latest visible version.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@adyen/api-library | AI (dependencies): First-party Adyen library; same org scope as this package, stable dependency across versions. | ai | |
| phantom-deps | phantom-dep:@salesforce/pwa-kit-runtime | AI (phantom-deps): PWA runtime dep referenced in config; stable false positive. | ai | |
| phantom-deps | phantom-dep:uuid | AI (phantom-deps): Referenced in config files only; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:framer-motion | AI (phantom-deps): UI dep referenced in config; stable false positive for this PWA plugin. | ai | |
| phantom-deps | phantom-dep:@emotion/react | AI (phantom-deps): Chakra-UI peer dep referenced in config; stable false positive. | ai | |
| phantom-deps | phantom-dep:@emotion/styled | AI (phantom-deps): Chakra-UI peer dep referenced in config; stable false positive. | ai | |
| phantom-deps | phantom-dep:@adyen/api-library | AI (phantom-deps): Same org scope; likely used indirectly via re-exports or config; stable false positive. | ai | |
| phantom-deps | phantom-dep:commerce-sdk-isomorphic | AI (phantom-deps): Salesforce PWA SDK dep referenced in config; stable false positive. | ai | |
| phantom-deps | phantom-dep:react-dom | AI (phantom-deps): PWA plugin; react-dom is a peer/transitive dep referenced in config, not directly imported. | ai | |
| phantom-deps | phantom-dep:node-fetch | AI (phantom-deps): HTTP utility in CLI scripts; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:body-parser | AI (phantom-deps): Express middleware in config; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:update-notifier | AI (phantom-deps): CLI update-check script; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:express-validator | AI (phantom-deps): Validation in CLI scripts; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:minimist | AI (phantom-deps): CLI argument parsing; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:dotenv | AI (phantom-deps): Config-file reference in CLI scripts; stable pattern for this package. | ai | |
Versions (showing 8 of 8)
| Version | Deps | Published |
|---|---|---|
| 4.3.0 | 6 / 31 | |
| 4.2.2 | 6 / 31 | |
| 4.1.1 | 6 / 27 | |
| 4.1.0 | 6 / 27 | |
| 4.0.0 | 6 / 27 | |
| 3.0.4 | 15 / 23 | |
| 3.0.3 | 15 / 23 | |
| 3.0.2 | 15 / 23 | |
v4.3.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.2.2
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.1.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.1.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.0.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.4
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.3
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.2
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.