@assistant-ui/react
Versions: 36
License: —
Install Scripts: No
Provenance: Verified
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
No source commit
Maintainers
yonom, agentbase-bot
Keywords
ai, ui, sdk, mcp, agent, agentic, generative, components, assistant, chat, chatbot, shadcn, radix-ui, tailwind, javascript, openai, anthropic, claude, xai, chatgpt, gemini, grok, react, framework, nextjs, web, server, node, front-end, backend, cli, vercel
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | slsa-provenance | AI (provenance): Package has SLSA provenance via Sigstore; strongest supply chain integrity signal, stable for this package going forward. | ai | |
| source-diff | large-new-source-files | AI (source-diff): UI component library for AI chat; adding new source files is expected growth. No large files (≥50KB) flagged, no script or dep changes — consistent with normal feature development. | ai | |
| dependencies | unvetted-dep:@radix-ui/react-dropdown-menu | AI (dependencies): @radix-ui/react-dropdown-menu is a well-known, widely-trusted Radix UI component; entirely appropriate for a React UI component library. | ai | |
| provenance | publisher-changed | AI (provenance): Publisher changed from yonom to GitHub Actions CI/CD, consistent with intentional migration to automated publishing with SLSA provenance attestation. Not a suspicious actor. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): Dormancy followed by CI/CD-published release with SLSA provenance is consistent with legitimate resumption of development, not account takeover. | ai | |
| phantom-deps | phantom-dep:@standard-schema/spec | AI (phantom-deps): @standard-schema/spec is a legitimate schema spec package used at config/type level; not being directly imported in source is expected for this kind of dependency. | ai | |
| phantom-deps | phantom-dep:zod | AI (phantom-deps): zod is a well-known validation library; phantom-dep finding is benign for a build/config reference. | ai | |
| dependencies | unvetted-dep:radix-ui | AI (dependencies): radix-ui is a well-known React UI primitives library; expected dependency for this UI component package. | ai | |
| phantom-deps | phantom-dep:nanoid | AI (phantom-deps): nanoid is a well-known ID generation library; phantom-dep finding is benign for a build/config reference. | ai | |
| dependencies | unvetted-dep:assistant-cloud | AI (dependencies): First-party dependency from the assistant-ui ecosystem, same publisher and GitHub org. | ai | |
| dependencies | unvetted-dep:assistant-stream | AI (dependencies): First-party dependency from the assistant-ui ecosystem, same publisher and GitHub org. | ai | |
| dependencies | unvetted-dep:@assistant-ui/tap | AI (dependencies): First-party scoped package from the assistant-ui org; expected internal dependency. | ai | |
| dependencies | unvetted-dep:@assistant-ui/core | AI (dependencies): First-party scoped package from the assistant-ui org; expected internal dependency. | ai | |
| dependencies | unvetted-dep:@assistant-ui/store | AI (dependencies): First-party scoped package from the assistant-ui org; expected internal dependency. | ai |
Versions (showing 36 of 144)
| Version | Deps | Published |
|---|---|---|
| 0.10.41 | 16 / 9 | |
| 0.10.40 | 16 / 9 | |
| 0.10.39 | 16 / 9 | |
| 0.10.37 | 16 / 9 | |
| 0.10.36 | 16 / 9 | |
| 0.10.35 | 16 / 9 | |
| 0.10.34 | 16 / 9 | |
| 0.10.33 | 16 / 9 | |
| 0.10.32 | 16 / 9 | |
| 0.10.31 | 16 / 9 | |
| 0.10.30 | 16 / 9 | |
| 0.10.29 | 16 / 9 | |
| 0.10.28 | 16 / 9 | |
| 0.10.27 | 16 / 9 | |
| 0.10.26 | 16 / 9 | |
| 0.10.25 | 16 / 9 | |
| 0.10.24 | 16 / 9 | |
| 0.10.23 | 15 / 9 | |
| 0.10.22 | 15 / 9 | |
| 0.10.21 | 15 / 9 | |
| 0.10.20 | 15 / 9 | |
| 0.10.19 | 15 / 9 | |
| 0.10.18 | 15 / 9 | |
| 0.10.17 | 15 / 9 | |
| 0.10.16 | 15 / 9 | |
| 0.10.15 | 15 / 9 | |
| 0.10.14 | 15 / 9 | |
| 0.10.13 | 15 / 9 | |
| 0.10.12 | 15 / 9 | |
| 0.10.11 | 15 / 9 | |
| 0.10.10 | 15 / 9 | |
| 0.10.9 | 15 / 9 | |
| 0.10.8 | 15 / 9 | |
| 0.10.7 | 15 / 9 | |
| 0.10.6 | 15 / 9 | |
| 0.10.5 | 15 / 9 |
v0.10.36
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.23
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.