@ant-design/agentic-ui
面向智能体的 UI 组件库,提供多步推理可视化、工具调用展示、任务执行协同等 Agentic UI 能力
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:markdown-it | AI (dependencies): markdown-it is a well-known, widely-used markdown parser; stable false positive for this package. | ai | |
| dependencies | unvetted-dep:@galacean/effects | AI (dependencies): Galacean Effects is a legitimate animation/effects library from Alibaba; consistent with this UI package's feature set. | ai | |
| provenance | no-provenance | AI (provenance): Established ant-design publisher; lack of provenance is common and not a risk signal here. | ai | |
| phantom-deps | phantom-dep:direction | AI (phantom-deps): Optional RTL utility; config-referenced, not a runtime requirement for all consumers. | ai | |
| phantom-deps | phantom-dep:quicklink | AI (phantom-deps): Optional prefetch dep; config-referenced only. | ai | |
| phantom-deps | phantom-dep:markdown-it | AI (phantom-deps): Optional markdown dep; config-referenced, not directly imported in all paths. | ai | |
| phantom-deps | phantom-dep:@types/three | AI (phantom-deps): Type-only dep for optional 3D integration; framework-scoped, stable false positive. | ai | |
| phantom-deps | phantom-dep:@babel/runtime | AI (phantom-deps): Framework-scoped runtime dep; loaded by convention in transpiled output. | ai | |
| phantom-deps | phantom-dep:tailwind-merge | AI (phantom-deps): Optional styling utility; config-referenced only. | ai | |
| phantom-deps | phantom-dep:styled-components | AI (phantom-deps): Optional styling dep; config-referenced, not required for all consumers. | ai | |
| phantom-deps | phantom-dep:three | AI (phantom-deps): Optional 3D integration dep; referenced in config, not required at runtime for all consumers. | ai | |
| phantom-deps | phantom-dep:@better-scroll/core | AI (phantom-deps): Optional scroll dep; config-referenced only. | ai | |
| phantom-deps | phantom-dep:markdown-it-container | AI (phantom-deps): Optional markdown plugin; config-referenced only. | ai | |
| phantom-deps | phantom-dep:react-resizable-panels | AI (phantom-deps): Optional layout dep; config-referenced only. | ai | |
| phantom-deps | phantom-dep:@juggle/resize-observer | AI (phantom-deps): Optional polyfill; config-referenced only. | ai | |
| phantom-deps | phantom-dep:@better-scroll/scroll-bar | AI (phantom-deps): Optional scroll plugin; config-referenced only. | ai | |
| phantom-deps | phantom-dep:@better-scroll/mouse-wheel | AI (phantom-deps): Optional scroll plugin; config-referenced only. | ai | |
| phantom-deps | phantom-dep:@better-scroll/observe-dom | AI (phantom-deps): Optional scroll plugin; config-referenced only. | ai | |
| phantom-deps | phantom-dep:@react-three/fiber | AI (phantom-deps): Optional 3D integration; config-referenced only. | ai | |
| phantom-deps | phantom-dep:lodash | AI (phantom-deps): Large UI lib; lodash-es is the primary import, lodash listed for compat; stable false positive. | ai | |
| phantom-deps | phantom-dep:flubber | AI (phantom-deps): Optional animation dep for chart components; config-referenced only. | ai |
Versions (showing 24 of 24)
| Version | Deps | Published |
|---|---|---|
| 2.32.41 | 79 / 49 | |
| 2.32.40 | 79 / 49 | |
| 2.32.39 | 79 / 49 | |
| 2.32.38 | 79 / 49 | |
| 2.32.37 | 79 / 49 | |
| 2.32.36 | 79 / 49 | |
| 2.32.35 | 79 / 49 | |
| 2.32.34 | 79 / 49 | |
| 2.32.33 | 79 / 49 | |
| 2.32.32 | 79 / 49 | |
| 2.32.31 | 79 / 49 | |
| 2.32.16 | 79 / 49 | |
| 2.32.13 | 79 / 49 | |
| 2.31.5 | 78 / 50 | |
| 2.31.2 | 78 / 50 | |
| 2.31.0 | 78 / 50 | |
| 2.30.30 | 78 / 50 | |
| 2.30.24 | 78 / 50 | |
| 2.30.22 | 78 / 50 | |
| 2.30.19 | 78 / 50 | |
| 2.30.17 | 78 / 50 | |
| 2.30.15 | 78 / 50 | |
| 2.30.14 | 78 / 50 | |
| 2.30.13 | 78 / 50 |
v2.32.41
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.32.40
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.32.39
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.32.38
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.32.37
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.32.36
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.32.35
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.32.34
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.32.33
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.32.32
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.32.31
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.32.16
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.32.13
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.31.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.31.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.31.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.30.30
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.30.24
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.30.22
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.30.19
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.30.17
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.30.15
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.30.14
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.30.13
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.