@balena/ui-shared-components

This project was bootstrapped with [Create React App](https://github.com/facebook/create-react-app).

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

balena.iopage

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:@mui/styled-engine-sc	AI (phantom-deps): MUI styled-engine peer dependency; stable pattern for this package.	ai	2026/05/20
phantom-deps	phantom-dep:@types/jest	AI (phantom-deps): Type definitions for test framework; stable pattern for this package.	ai	2026/05/20
phantom-deps	phantom-dep:ts-jest	AI (phantom-deps): Jest preset in config; stable pattern for this package.	ai	2026/05/20
phantom-deps	phantom-dep:rimraf	AI (phantom-deps): Build utility in npm scripts; stable pattern for this package.	ai	2026/05/20
phantom-deps	phantom-dep:jest	AI (phantom-deps): Test framework referenced in jest config; stable pattern for this package.	ai	2026/05/20
publish-pattern	new-deps-added	AI (publish-pattern): @tanstack/react-virtual is a well-known, established library replacing virtua; not a suspicious dependency addition.	ai	2026/05/19
dependencies	unvetted-dep:analytics-client	AI (dependencies): Analytics integration expected for a Balena UI library; stable dependency.	ai	2026/05/01
dependencies	unvetted-dep:@rjsf/mui	AI (dependencies): Standard react-jsonschema-form MUI renderer; consistent with UI component library purpose.	ai	2026/05/01
dependencies	unvetted-dep:@amplitude/experiment-js-client	AI (dependencies): Amplitude feature flagging client; consistent with analytics/experimentation use in Balena UI.	ai	2026/05/01
phantom-deps	phantom-dep:react-is	AI (phantom-deps): UI component library; react-is used as peer/config dep, not directly imported.	ai	2026/04/29
bogus-package	bogus-package	AI (bogus-package): Internal Balena org UI library; thin README and no keywords are cosmetic, not indicative of spam.	ai	2026/04/29
phantom-deps	phantom-dep:@emotion/styled	AI (phantom-deps): MUI peer dependency; referenced in config, not directly imported.	ai	2026/04/29
phantom-deps	phantom-dep:@emotion/react	AI (phantom-deps): MUI peer dependency; referenced in config, not directly imported.	ai	2026/04/29
phantom-deps	phantom-dep:typescript	AI (phantom-deps): Build tooling dep; referenced in tsconfig/jest config, not directly imported.	ai	2026/04/29
phantom-deps	phantom-dep:react-dom	AI (phantom-deps): Peer dependency for React component library; referenced in config, not directly imported.	ai	2026/04/29

Versions (showing 34 of 34)

Version	Deps	Published
15.8.0	44 / 25	2026-05-11
15.7.4	44 / 25	2026-04-30
15.7.3	44 / 25	2026-03-30
15.7.2	44 / 25	2026-03-30
15.7.1	44 / 25	2026-02-19
15.7.0	44 / 25	2026-01-26
15.6.1	44 / 25	2026-01-15
15.6.0	44 / 24	2026-01-15
15.5.5	44 / 24	2026-01-15
15.5.4	44 / 24	2025-12-30
15.5.3	47 / 21	2025-12-29
15.5.2	47 / 22	2025-12-29
15.5.1	47 / 22	2025-12-29
15.5.0	47 / 22	2025-12-29
15.4.0	47 / 22	2025-12-23
15.3.0	47 / 22	2025-12-19
15.2.11	45 / 22	2025-12-08
15.2.10	45 / 22	2025-12-02
15.2.9	45 / 22	2025-11-24
15.2.8	45 / 22	2025-11-21
15.2.7	45 / 22	2025-11-18
15.2.6	45 / 22	2025-11-18
15.2.4	45 / 22	2025-11-17
15.2.3	45 / 22	2025-11-13
15.2.2	44 / 22	2025-11-05
15.2.1	44 / 22	2025-11-04
15.2.0	44 / 22	2025-11-03
15.1.2	44 / 22	2025-10-30
15.1.1	44 / 22	2025-10-27
15.1.0	44 / 22	2025-10-15
15.0.3	43 / 22	2025-10-10
15.0.2	43 / 22	2025-10-10
15.0.1	43 / 22	2025-10-09
15.0.0	43 / 22	2025-10-09

v15.8.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v15.7.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.