@automattic/agenttic-ui
UI components for the Agenttic framework
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@wordpress/data | AI (phantom-deps): Config-file reference in component library; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:@automattic/agenttic-client | AI (phantom-deps): Same-org dependency; config-file reference pattern consistent with library. | ai | |
| phantom-deps | phantom-dep:@wordpress/i18n | AI (phantom-deps): Config-file reference in component library; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:@visx/xychart | AI (phantom-deps): Config-file reference in component library; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:@floating-ui/react-dom | AI (phantom-deps): Newly added runtime dep; referenced in config but legitimate floating UI library. | ai | |
| phantom-deps | phantom-dep:use-debounce | AI (phantom-deps): Hook library re-exported from component library; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:remark-gfm | AI (phantom-deps): React UI library; remark-gfm used in markdown processing, re-exported via config. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): Trusted Automattic publisher with 109 approved packages; no material changes in this release. | ai | |
| dependencies | unvetted-dep:@automattic/charts | AI (dependencies): Same-org (@automattic) dependency; low risk for this package. | ai | |
| phantom-deps | phantom-dep:@radix-ui/react-scroll-area | AI (phantom-deps): Declared runtime dep; phantom-dep heuristic false positive for this component library. | ai | |
| phantom-deps | phantom-dep:clsx | AI (phantom-deps): Declared runtime dep used transitively in component library; phantom-dep heuristic fires on config-only references. | ai | |
| phantom-deps | phantom-dep:react-textarea-autosize | AI (phantom-deps): Declared runtime dep; phantom-dep heuristic false positive for this component library. | ai | |
| phantom-deps | phantom-dep:lucide-react | AI (phantom-deps): Declared runtime dep in a UI component library; phantom-dep heuristic false positive. | ai | |
| phantom-deps | phantom-dep:react-dom | AI (phantom-deps): Listed as both dep and peerDep; phantom-dep fires because it's not directly imported in the analyzed entry. | ai | |
| phantom-deps | phantom-dep:class-variance-authority | AI (phantom-deps): Declared runtime dep; phantom-dep heuristic false positive for this component library. | ai | |
Versions (showing 32 of 32)
| Version | Deps | Published |
|---|---|---|
| 0.1.65 | 17 / 25 | |
| 0.1.64 | 17 / 25 | |
| 0.1.63 | 17 / 25 | |
| 0.1.62 | 17 / 25 | |
| 0.1.61 | 17 / 25 | |
| 0.1.60 | 17 / 25 | |
| 0.1.58 | 17 / 25 | |
| 0.1.57 | 17 / 25 | |
| 0.1.56 | 17 / 25 | |
| 0.1.53 | 17 / 25 | |
| 0.1.52 | 17 / 25 | |
| 0.1.51 | 17 / 25 | |
| 0.1.49 | 17 / 25 | |
| 0.1.48 | 17 / 25 | |
| 0.1.46 | 17 / 25 | |
| 0.1.45 | 17 / 25 | |
| 0.1.44 | 17 / 25 | |
| 0.1.43 | 17 / 25 | |
| 0.1.42 | 17 / 25 | |
| 0.1.41 | 17 / 25 | |
| 0.1.40 | 17 / 25 | |
| 0.1.37 | 16 / 25 | |
| 0.1.33 | 16 / 25 | |
| 0.1.32 | 16 / 25 | |
| 0.1.31 | 16 / 25 | |
| 0.1.29 | 16 / 25 | |
| 0.1.25 | 16 / 25 | |
| 0.1.22 | 15 / 25 | |
| 0.1.21 | 15 / 25 | |
| 0.1.2 | 15 / 26 | |
| 0.1.1 | 15 / 26 | |
| 0.1.0 | 15 / 26 | |
v0.1.65
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.64
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.63
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.62
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.60
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.58
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.57
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.56
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.53
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.52
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.51
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.49
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.48
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.46
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.45
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.44
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.43
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.42
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.41
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.40
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.37
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.33
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.32
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.31
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.29
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.25
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.22
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.21
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.2
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.1
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.