@bpmnkit/ui No license 9 versions

@bpmnkit/ui

npm Repository Homepage

9

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

urbanisierung

Keywords

bpmnuidesign-tokensthemecomponentscss-variablestypescript

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
typosquat	typosquat.levenshtein:uuid	AI (typosquat): Scoped @bpmnkit/ui package; Levenshtein match to uuid is a false positive.	ai	2026/05/09
typosquat	typosquat.levenshtein:pg	AI (typosquat): Scoped @bpmnkit/ui package; Levenshtein match to pg is a false positive.	ai	2026/05/09
typosquat	typosquat.levenshtein:qs	AI (typosquat): Scoped @bpmnkit/ui package; Levenshtein match to qs is a false positive.	ai	2026/05/09
typosquat	typosquat.levenshtein:joi	AI (typosquat): Scoped @bpmnkit/ui package; Levenshtein match to joi is a false positive.	ai	2026/05/09
typosquat	typosquat.levenshtein:yup	AI (typosquat): Scoped @bpmnkit/ui package; Levenshtein match to yup is a false positive.	ai	2026/05/09

Versions (showing 9 of 9)

Version	Deps	Published
0.0.14	0 / 0	2026-04-21
0.0.13	0 / 0	2026-04-04
0.0.12	0 / 0	2026-04-02
0.0.9	0 / 0	2026-03-19
0.0.8	0 / 0	2026-03-16
0.0.7	0 / 0	2026-03-15
0.0.6	0 / 0	2026-03-15
0.0.5	0 / 0	2026-03-15
0.0.4	0 / 0	2026-03-15

v0.0.14

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.13

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.12

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.9

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.8

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.4

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.