@budibase/client
The `manifest.json` file exports the definitions of all components available in this version of the client library. The manifest is used by the builder to correctly display components and their settings, and know how to correctly interact with them.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@spectrum-css/tag | AI (dependencies): Adobe Spectrum CSS UI component; benign addition consistent with existing @spectrum-css/card dep. | ai | |
| dependencies | unvetted-dep:svelte-legacy | AI (dependencies): svelte-legacy is an npm alias for [email protected], a well-known package used for Svelte v4 compatibility. | ai | |
| dependencies | unvetted-dep:@svelte-put/qr | AI (dependencies): Legitimate Svelte QR component library; consistent with Budibase client UI functionality. | ai | |
| dependencies | unvetted-dep:@spectrum-css/card | AI (dependencies): Adobe Spectrum CSS component; pinned version, consistent with Budibase UI design system usage. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): Active monorepo with 3154 versions; dormancy signal is a false positive for this package. | ai | |
| phantom-deps | phantom-dep:apexcharts | AI (phantom-deps): Standard charting library; bundled via vite, not directly imported as ESM module. | ai | |
| phantom-deps | phantom-dep:leaflet | AI (phantom-deps): Standard mapping library; bundled via vite. | ai | |
| phantom-deps | phantom-dep:dayjs | AI (phantom-deps): Standard date library; bundled via vite. | ai | |
| phantom-deps | phantom-dep:shortid | AI (phantom-deps): Standard ID library; bundled via vite. | ai | |
| phantom-deps | phantom-dep:jsbarcode | AI (phantom-deps): Standard barcode library; bundled via vite. | ai | |
| phantom-deps | phantom-dep:downloadjs | AI (phantom-deps): Standard download utility; bundled via vite. | ai | |
| phantom-deps | phantom-dep:screenfull | AI (phantom-deps): Standard fullscreen library; bundled via vite. | ai | |
| phantom-deps | phantom-dep:@budibase/bbui | AI (phantom-deps): Monorepo sibling; bundled at build time, not directly imported as ESM. | ai | |
| phantom-deps | phantom-dep:html5-qrcode | AI (phantom-deps): Standard QR code library; bundled via vite. | ai | |
| phantom-deps | phantom-dep:sanitize-html | AI (phantom-deps): Standard HTML sanitization library; bundled via vite. | ai | |
| phantom-deps | phantom-dep:svelte-legacy | AI (phantom-deps): Svelte v4 alias for compatibility; bundled via vite. | ai | |
| phantom-deps | phantom-dep:@svelte-put/qr | AI (phantom-deps): Svelte QR component; bundled via vite. | ai | |
| phantom-deps | phantom-dep:@spectrum-css/tag | AI (phantom-deps): CSS-only design system package; no JS imports expected. | ai | |
| phantom-deps | phantom-dep:@spectrum-css/card | AI (phantom-deps): CSS-only design system package; no JS imports expected. | ai | |
| phantom-deps | phantom-dep:svelte-spa-router | AI (phantom-deps): Svelte router; bundled via vite. | ai | |
| phantom-deps | phantom-dep:html2pdf.js | AI (phantom-deps): Standard PDF export library; bundled via vite. | ai | |
| phantom-deps | phantom-dep:@budibase/types | AI (phantom-deps): Monorepo sibling; type-only dependency, not directly imported at runtime. | ai | |
| phantom-deps | phantom-dep:@budibase/shared-core | AI (phantom-deps): Monorepo sibling; bundled at build time. | ai | |
| phantom-deps | phantom-dep:@budibase/frontend-core | AI (phantom-deps): Monorepo sibling; bundled at build time. | ai | |
| phantom-deps | phantom-dep:@budibase/string-templates | AI (phantom-deps): Monorepo sibling; bundled at build time. | ai |
Versions (showing 51 of 71)
| Version | Deps | Published |
|---|---|---|
| 3.37.2 | 20 / 4 | |
| 3.37.1 | 20 / 4 | |
| 3.37.0 | 20 / 4 | |
| 3.36.3 | 20 / 4 | |
| 3.36.1 | 20 / 4 | |
| 3.35.10 | 20 / 4 | |
| 3.35.3 | 20 / 4 | |
| 3.35.2 | 20 / 4 | |
| 3.35.0 | 20 / 4 | |
| 3.34.11 | 20 / 4 | |
| 3.34.10 | 20 / 4 | |
| 3.34.6 | 20 / 4 | |
| 3.34.5 | 20 / 4 | |
| 3.34.2 | 19 / 4 | |
| 3.34.0 | 19 / 4 | |
| 3.33.4 | 19 / 4 | |
| 3.32.5 | 19 / 4 | |
| 3.32.0 | 19 / 4 | |
| 3.31.9 | 19 / 4 | |
| 3.31.8 | 19 / 4 | |
| 3.31.5 | 19 / 4 | |
| 3.31.2 | 19 / 4 | |
| 3.31.1 | 19 / 4 | |
| 3.31.0 | 19 / 4 | |
| 3.30.6 | 19 / 4 | |
| 3.30.5 | 19 / 4 | |
| 3.30.4 | 19 / 4 | |
| 3.30.0 | 19 / 4 | |
| 3.28.3 | 19 / 4 | |
| 3.28.1 | 19 / 4 | |
| 3.28.0 | 19 / 4 | |
| 3.27.4 | 19 / 4 | |
| 3.26.3 | 19 / 4 | |
| 3.26.2 | 19 / 4 | |
| 3.26.1 | 19 / 3 | |
| 3.26.0 | 19 / 3 | |
| 3.25.4 | 19 / 3 | |
| 3.25.2 | 19 / 3 | |
| 3.25.0 | 19 / 3 | |
| 3.24.8 | 19 / 3 | |
| 3.24.7 | 19 / 3 | |
| 3.24.6 | 19 / 3 | |
| 3.24.4 | 19 / 3 | |
| 3.24.3 | 19 / 3 | |
| 3.24.2 | 19 / 3 | |
| 3.23.48 | 18 / 3 | |
| 3.23.47 | 18 / 3 | |
| 3.23.38 | 18 / 3 | |
| 3.23.37 | 18 / 3 | |
| 3.23.34 | 18 / 3 | |
| 3.23.33 | 18 / 3 |
v3.37.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.37.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.36.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.36.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.35.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.35.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.35.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.35.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.34.11
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.34.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.34.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.34.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.34.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.34.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.33.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.32.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.32.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.31.9
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.31.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.31.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.31.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.31.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.31.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.30.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.30.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.30.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.30.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.28.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.28.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.28.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.27.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.26.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.26.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.26.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.26.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.25.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.25.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.25.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.24.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.24.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.24.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.24.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.24.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.24.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.23.48
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.23.47
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.23.38
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.23.37
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.23.34
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.23.33
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.