@athoscommerce/snap-preact
Snap Preact
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | new-deps-added | AI (publish-pattern): colord is a well-established, safe color utility; addition is benign for this package. | ai | |
| dependencies | unvetted-dep:react-ranger | AI (dependencies): react-ranger is a legitimate open-source range slider library; no malware indicators. | ai | |
| dependencies | unvetted-dep:@athoscommerce/snap-tracker | AI (dependencies): First-party sibling package from the same AthosCommerce org; consistent with the package's ecosystem. | ai |
Versions (showing 6 of 6)
| Version | Deps | Published |
|---|---|---|
| 1.5.1 | 19 / 27 | |
| 1.5.0 | 19 / 28 | |
| 1.3.0 | 21 / 25 | |
| 1.2.2 | 21 / 25 | |
| 1.2.0 | 21 / 25 | |
| 1.1.5 | 21 / 25 |
v1.5.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.5.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.3.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.2.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.2.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.