@audius/harmony
The Audius Design System
2
Versions
ISC
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
gitHead linked
Maintainers
dylanjeffersaudius-projectmarcus_audius
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:react-perfect-scrollbar | AI (phantom-deps): Component library peer/indirect dep pattern; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:lodash | AI (phantom-deps): Component library peer/indirect dep pattern; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:color | AI (phantom-deps): Component library peer/indirect dep pattern; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:numeral | AI (phantom-deps): Component library peer/indirect dep pattern; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:react-use | AI (phantom-deps): Component library peer/indirect dep pattern; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:classnames | AI (phantom-deps): Component library peer/indirect dep pattern; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@emotion/css | AI (phantom-deps): Component library peer/indirect dep pattern; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:lottie-react | AI (phantom-deps): Component library peer/indirect dep pattern; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:react-spring | AI (phantom-deps): Component library peer/indirect dep pattern; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@emotion/react | AI (phantom-deps): Component library peer/indirect dep pattern; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@emotion/styled | AI (phantom-deps): Component library peer/indirect dep pattern; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:react-merge-refs | AI (phantom-deps): Component library peer/indirect dep pattern; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@react-spring/web | AI (phantom-deps): Component library peer/indirect dep pattern; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:react-use-measure | AI (phantom-deps): Component library peer/indirect dep pattern; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:react-virtualized | AI (phantom-deps): Component library peer/indirect dep pattern; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@radix-ui/react-slot | AI (phantom-deps): Component library peer/indirect dep pattern; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@juggle/resize-observer | AI (phantom-deps): Component library peer/indirect dep pattern; stable false positive for this package. | ai | |
| dependencies | unvetted-dep:@react-spring/web | AI (dependencies): @react-spring/web is a well-known animation library; stable false positive for this design system package. | ai |
v0.5.3
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.0
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.