@anvia/studio
Studio UI and HTTP runtime for Anvia agents.
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:react | AI (phantom-deps): React UI library; dependencies used in bundled component exports. | ai | |
| phantom-deps | phantom-dep:react-dom | AI (phantom-deps): React UI library; dependencies used in bundled component exports. | ai | |
| phantom-deps | phantom-dep:clsx | AI (phantom-deps): Utility used in bundled component code; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:lucide-react | AI (phantom-deps): Icon library used in bundled components; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:react-markdown | AI (phantom-deps): Component dependency used in bundled output; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:tailwind-merge | AI (phantom-deps): Utility used in bundled component code; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:@radix-ui/react-slot | AI (phantom-deps): Radix UI dependency used in bundled components; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:@radix-ui/react-dialog | AI (phantom-deps): Radix UI dependency used in bundled components; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:@radix-ui/react-select | AI (phantom-deps): Radix UI dependency used in bundled components; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:class-variance-authority | AI (phantom-deps): Utility used in bundled component code; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:@radix-ui/react-separator | AI (phantom-deps): Radix UI dependency used in bundled components; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:@radix-ui/react-scroll-area | AI (phantom-deps): Radix UI dependency used in bundled components; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:@radix-ui/react-alert-dialog | AI (phantom-deps): Radix UI dependency used in bundled components; stable pattern for this package. | ai |
Versions (showing 13 of 13)
| Version | Deps | Published |
|---|---|---|
| 0.2.8 | 17 / 12 | |
| 0.2.7 | 17 / 12 | |
| 0.2.6 | 17 / 12 | |
| 0.2.5 | 17 / 12 | |
| 0.2.4 | 17 / 12 | |
| 0.2.3 | 17 / 12 | |
| 0.2.2 | 17 / 12 | |
| 0.2.1 | 17 / 12 | |
| 0.2.0 | 17 / 12 | |
| 0.1.3 | 16 / 12 | |
| 0.1.2 | 16 / 12 | |
| 0.1.1 | 16 / 12 | |
| 0.1.0 | 16 / 12 |
v0.2.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.