@cofhe/react

React component and hook for the CoFHE SDK - featuring the advanced CofheEncryptInput component.

Versions: 5
License: MIT
Install scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

- SLSA provenance attestation
- npm registry signatures
- No source commit

Maintainers

tovi-fhefhenixprotocolrogue-rotkoskytoml-fhenix

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
source-diff | obfuscated-file:dist/ui-base.cjs | AI (source-diff): Standard tsup minified bundle output; source maps shipped alongside confirm legitimate build artifact. | ai |
source-diff | obfuscated-file:dist/ui-base.js | AI (source-diff): Standard tsup minified bundle output; source maps shipped alongside confirm legitimate build artifact. | ai |
publish-pattern | rapid-publish | AI (publish-pattern): CI/CD automated publishing with SLSA provenance; rapid publish is expected for this pipeline. | ai |
phantom-deps | phantom-dep:clsx | AI (phantom-deps): clsx is a legitimate runtime dep used via utility functions; phantom-dep heuristic fires on indirect usage patterns. | ai |
phantom-deps | phantom-dep:@radix-ui/react-dropdown-menu | AI (phantom-deps): Radix UI dropdown is a legitimate runtime dep; phantom-dep heuristic fires on indirect usage patterns. | ai |
phantom-deps | phantom-dep:tailwind-merge | AI (phantom-deps): tailwind-merge is a legitimate runtime dep; phantom-dep heuristic fires on indirect usage patterns. | ai |
phantom-deps | phantom-dep:@radix-ui/react-select | AI (phantom-deps): Radix UI select is a legitimate runtime dep; phantom-dep heuristic fires on indirect usage patterns. | ai |

Versions (showing 5 of 5)

Version | Deps | Published
0.5.2 | 16 / 17 |
0.5.1 | 16 / 17 |
0.5.0 | 16 / 17 |
0.2.0 | 12 / 23 |
0.1.0 | 3 / 8 |

v0.5.2

3 findings

HIGH | New obfuscated file: dist/ui-base.cjs | source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH | New obfuscated file: dist/ui-base.js | source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO | Has SLSA provenance attestation | provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.5.0

1 finding

INFO | Has SLSA provenance attestation | provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.0

1 finding

INFO | Has SLSA provenance attestation | provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.0

1 finding

LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.