@backstage-community/plugin-flux

Versions: 6
License: Apache-2.0
Install Scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation; npm registry signatures; gitHead linked

Maintainers

patriko

Accepted risks

Findings the reviewer chose to accept rather than block on.

| Source | Rule | Reason | Accepted by | When |
| --- | --- | --- | --- | --- |
| npm-metadata | no-description | AI (npm-metadata): Backstage plugin packages often omit descriptions; not indicative of malice here. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): New deps are established Backstage/Remix icon packages; consistent with UI modernization in this plugin. | ai | |
| dependencies | unvetted-dep:@remixicon/react | AI (dependencies): Legitimate icon library from Remix Icon; no security concerns. | ai | |
| dependencies | unvetted-dep:@material-ui/icons | AI (dependencies): Legitimate Material-UI icons package; standard in Backstage v1 plugin ecosystem. | ai | |
| dependencies | unvetted-dep:@tanstack/react-query-persist-client | AI (dependencies): Legitimate TanStack Query persistence package; widely used in React ecosystem. | ai | |
| dependencies | unvetted-dep:@tanstack/query-sync-storage-persister | AI (dependencies): Legitimate TanStack Query storage persister; widely used in React ecosystem. | ai | |
| phantom-deps | phantom-dep:@backstage/theme | AI (phantom-deps): Common in Backstage monorepo plugins; deps referenced in config/type files rather than direct imports. | ai | |
| dependencies | unvetted-dep:@backstage/theme | AI (dependencies): Well-known Backstage core package; standard dependency for Backstage frontend plugins. | ai | |
| phantom-deps | phantom-dep:use-deep-compare | AI (phantom-deps): Common in Backstage monorepo plugins; deps referenced in config/type files rather than direct imports. | ai | |
| phantom-deps | phantom-dep:@material-ui/core | AI (phantom-deps): Common in Backstage monorepo plugins; deps referenced in config/type files rather than direct imports. | ai | |
| phantom-deps | phantom-dep:@material-ui/icons | AI (phantom-deps): Common in Backstage monorepo plugins; deps referenced in config/type files rather than direct imports. | ai | |
| phantom-deps | phantom-dep:@backstage/catalog-model | AI (phantom-deps): Common in Backstage monorepo plugins; deps referenced in config/type files rather than direct imports. | ai | |
| phantom-deps | phantom-dep:@material-ui/lab | AI (phantom-deps): Common in Backstage monorepo plugins; deps referenced in config/type files rather than direct imports. | ai | |
| dependencies | unvetted-dep:@material-ui/lab | AI (dependencies): Legitimate Material-UI lab package; standard in Backstage v1 plugin ecosystem. | ai | |

Versions (showing 6 of 6)

| Version | Deps | Published |
| --- | --- | --- |
| 0.3.1 | 22 / 20 | |
| 0.3.0 | 22 / 20 | |
| 0.2.2 | 21 / 19 | |
| 0.2.1 | 21 / 19 | |
| 0.2.0 | 21 / 19 | |
| 0.1.0 | 21 / 19 | |

v0.3.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.