@carbon-labs/react-animated-header
Carbon Labs - Animated Header
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | large-new-source-files | AI (source-diff): New files are animation asset type declarations; consistent with this package's pattern of bundled Lottie JSON assets. | ai | |
| phantom-deps | phantom-dep:lottie-web | AI (phantom-deps): lottie-web is a declared runtime dep for an animation component; indirect/config-driven usage is expected. | ai | |
| install-scripts | install-script:postinstall | AI (install-scripts): IBM telemetry postinstall is standard across Carbon Labs packages; not malicious. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Component library README with links is not a link farm; no keywords is common for scoped component packages. | ai | |
| phantom-deps | phantom-dep:@ibm/telemetry-js | AI (phantom-deps): Used via postinstall CLI, not direct import; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:jest-canvas-mock | AI (phantom-deps): Test utility referenced in config files, not imported directly; stable false positive. | ai | |
Versions (showing 24 of 24)
| Version | Deps | Published |
|---|---|---|
| 0.53.0 | 3 / 1 | |
| 0.52.0 | 3 / 1 | |
| 0.51.0 | 3 / 1 | |
| 0.50.0 | 3 / 1 | |
| 0.48.0 | 3 / 1 | |
| 0.46.0 | 3 / 1 | |
| 0.45.0 | 3 / 1 | |
| 0.44.0 | 3 / 1 | |
| 0.43.0 | 3 / 1 | |
| 0.42.0 | 3 / 1 | |
| 0.40.0 | 3 / 1 | |
| 0.39.0 | 3 / 1 | |
| 0.38.0 | 3 / 1 | |
| 0.37.0 | 3 / 1 | |
| 0.35.0 | 3 / 1 | |
| 0.34.0 | 3 / 1 | |
| 0.33.0 | 3 / 1 | |
| 0.30.0 | 3 / 1 | |
| 0.28.0 | 3 / 1 | |
| 0.27.0 | 3 / 1 | |
| 0.26.0 | 3 / 1 | |
| 0.22.0 | 3 / 1 | |
| 0.20.0 | 3 / 1 | |
| 0.19.0 | 3 / 1 | |
v0.53.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.52.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.51.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.50.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.48.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.46.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.45.0
2 findings
Script: ibmtelemetry --config=telemetry.yml
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.44.0
2 findings
Script: ibmtelemetry --config=telemetry.yml
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.42.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.40.0
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.39.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.38.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.37.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.35.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.34.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.33.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.30.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.
v0.28.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.
v0.27.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.
v0.26.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.
v0.22.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.
v0.20.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.
v0.19.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.