@byline/ui — Greenflagged

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

infonomic258bits

Keywords

cmsheadless cmscontent management

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	no-provenance	AI (provenance): Established org package with clean history; provenance absence is a process gap, not a security signal.	ai	2026/05/12
typosquat	typosquat.levenshtein:pg	AI (typosquat): Scoped CMS package; Levenshtein match to pg is a false positive.	ai	2026/05/12
typosquat	typosquat.levenshtein:qs	AI (typosquat): Scoped CMS package; Levenshtein match to qs is a false positive.	ai	2026/05/12
typosquat	typosquat.levenshtein:joi	AI (typosquat): Scoped CMS package; Levenshtein match to joi is a false positive.	ai	2026/05/12
typosquat	typosquat.levenshtein:yup	AI (typosquat): Scoped CMS package; Levenshtein match to yup is a false positive.	ai	2026/05/12
typosquat	typosquat.levenshtein:uuid	AI (typosquat): Scoped CMS package; Levenshtein match to uuid is a false positive.	ai	2026/05/12
phantom-deps	phantom-dep:npm-run-all	AI (phantom-deps): Used in scripts (run-s/run-p), not imported in source code; stable false positive.	ai	2026/05/12
phantom-deps	phantom-dep:zod-form-data	AI (phantom-deps): Referenced in config/build files; stable false positive for this package.	ai	2026/05/12
phantom-deps	phantom-dep:@dnd-kit/modifiers	AI (phantom-deps): UI component library; likely re-exported or used indirectly; stable false positive.	ai	2026/05/12
phantom-deps	phantom-dep:@dnd-kit/utilities	AI (phantom-deps): UI component library; likely re-exported or used indirectly; stable false positive.	ai	2026/05/12
phantom-deps	phantom-dep:@byline/client	AI (phantom-deps): Same-org sibling dep; used as a peer/re-export, not directly imported in source.	ai	2026/05/12

Versions (showing 51 of 66)

View all versions

Version	Deps	Published
3.3.0	12 / 17	2026-06-07
3.2.1	12 / 17	2026-06-04
3.2.0	12 / 17	2026-06-04
3.1.1	12 / 17	2026-06-03
3.1.0	12 / 17	2026-06-03
3.0.2	12 / 17	2026-06-02
3.0.1	12 / 17	2026-06-02
3.0.0	12 / 17	2026-06-01
2.7.0	12 / 17	2026-05-30
2.6.1	12 / 17	2026-05-30
2.6.0	12 / 17	2026/05/28
2.5.2	16 / 19	2026-05-26
2.5.1	16 / 19	2026-05-26
2.5.0	16 / 19	2026-05-25
2.4.4	16 / 19	2026-05-25
2.4.3	16 / 19	2026-05-23
2.4.2	16 / 19	2026-05-23
2.4.1	16 / 19	2026-05-23
2.4.0	18 / 19	2026-05-23
2.3.3	18 / 19	2026-05-23
2.3.2	18 / 19	2026-05-22
2.3.1	18 / 19	2026-05-22
2.3.0	18 / 19	2026-05-22
2.2.10	18 / 19	2026-05-22
2.2.9	18 / 19	2026-05-22
2.2.8	18 / 19	2026-05-21
2.2.7	18 / 19	2026-05-21
2.2.6	18 / 19	2026-05-20
2.2.5	18 / 19	2026-05-20
2.2.4	18 / 19	2026-05-20
2.2.3	18 / 19	2026-05-20
2.2.2	18 / 19	2026-05-19
2.2.1	18 / 19	2026-05-19
2.2.0	18 / 19	2026-05-19
2.1.3	18 / 19	2026/05/18
2.1.2	18 / 19	2026-05-18
2.1.1	18 / 19	2026-05-18
2.1.0	18 / 19	2026-05-18
1.12.2	18 / 19	2026-05-17
1.12.1	18 / 19	2026-05-16
1.12.0	18 / 19	2026-05-16
1.11.2	18 / 19	2026-05-13
1.11.1	18 / 19	2026-05-13
1.11.0	18 / 19	2026-05-13
1.10.3	18 / 19	2026-05-13
1.10.2	18 / 19	2026-05-13
1.10.1	18 / 19	2026-05-11
1.9.1	18 / 19	2026-05-11
1.9.0	18 / 19	2026-05-10
1.8.1	18 / 19	2026-05-10
1.8.0	18 / 19	2026-05-10