@cloud-ru/uikit-product-mobile-fields
## Installation `npm i @cloud-ru/uikit-product-mobile-fields`
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | large-new-source-files | AI (source-diff): Growing UI component library; large file additions reflect feature expansion, not injected payloads. | ai | |
| source-diff | source-size-tripled | AI (source-diff): Size growth consistent with component library expansion; no malware indicators present. | ai |
Versions (showing 17 of 17)
| Version | Deps | Published |
|---|---|---|
| 2.1.4 | 18 / 2 | |
| 2.1.3 | 18 / 2 | |
| 2.1.2 | 18 / 2 | |
| 2.1.1 | 18 / 2 | |
| 2.1.0 | 18 / 2 | |
| 2.0.15 | 18 / 2 | |
| 2.0.14 | 18 / 2 | |
| 2.0.13 | 18 / 2 | |
| 2.0.8 | 18 / 2 | |
| 2.0.5 | 18 / 2 | |
| 2.0.3 | 18 / 2 | |
| 0.12.2 | 18 / 2 | |
| 0.11.31 | 18 / 2 | |
| 0.11.28 | 18 / 2 | |
| 0.11.27 | 18 / 2 | |
| 0.11.25 | 18 / 2 | |
| 0.11.24 | 18 / 2 |
v2.1.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.15
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.14
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.13
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.31
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.28
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.27
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.25
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.24
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.