← Home

@c8y/cockpit

npm

This package is used to scaffold a cockpit application for Cumulocity IoT.

8
Versions
Apache-2.0
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

c8y

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
dependencies unvetted-dep:angular AI (dependencies): AngularJS 1.8.3 is a known framework dep used for ng1/ng2 hybrid upgrade pattern in this Cumulocity package. ai
dependencies unvetted-dep:@angular/upgrade AI (dependencies): Standard Angular upgrade module for ng1/ng2 hybrid; expected dependency for this scaffolding package. ai
phantom-deps phantom-dep:@c8y/style AI (phantom-deps): Same-org sibling dep; loaded by build tooling, not direct import. ai
phantom-deps phantom-dep:@c8y/client AI (phantom-deps): Same-org sibling dep; loaded by build tooling, not direct import. ai
phantom-deps phantom-dep:@angular/cdk AI (phantom-deps): Framework-scoped package loaded by convention in Angular apps. ai
phantom-deps phantom-dep:rxjs AI (phantom-deps): Framework scaffold; rxjs loaded transitively by Angular, not directly imported. ai
phantom-deps phantom-dep:ngx-bootstrap AI (phantom-deps): Loaded via Angular module convention, not direct import. ai
phantom-deps phantom-dep:@c8y/html-repo AI (phantom-deps): Same-org sibling dep; loaded by build tooling, not direct import. ai
phantom-deps phantom-dep:monaco-editor AI (phantom-deps): Editor loaded via config/lazy loading, not direct import; expected for scaffold packages. ai
phantom-deps phantom-dep:angular AI (phantom-deps): AngularJS loaded by convention in hybrid Angular app; not directly imported. ai

Versions (showing 8 of 8)

Version Deps Published
1023.80.2 12 / 2
1023.80.0 12 / 2
1023.79.1 12 / 2
1023.78.7 12 / 2
1023.78.5 12 / 2
1023.76.0 12 / 2
1023.14.154 12 / 2
1023.14.132 12 / 2

v1023.80.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1023.80.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1023.79.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1023.78.7

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1023.78.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1023.14.154

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1023.14.132

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.