@contractspec/bundle.marketing
**Marketing composition bundle for the public ContractSpec site: landing narratives, product/templates/examples/pricing pages, support pages, and email-facing marketing helpers.**
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| bogus-package | bogus-package | AI (bogus-package): Internal monorepo bundle; missing metadata is expected for org-scoped packages across 63 versions. | ai | |
| phantom-deps | phantom-dep:@contractspec/example.pocket-family-office | AI (phantom-deps): Same-org phantom dep in a monorepo bundle; pattern is stable across versions. | ai | |
| phantom-deps | phantom-dep:@contractspec/example.finance-ops-ai-workflows | AI (phantom-deps): Same-org phantom dep in a monorepo bundle; pattern is stable across versions. | ai | |
| phantom-deps | phantom-dep:@contractspec/example.wealth-snapshot | AI (phantom-deps): Same-org monorepo dep referenced in config; stable false positive. | ai | |
| phantom-deps | phantom-dep:@contractspec/example.form-showcase | AI (phantom-deps): Same-org monorepo workspace dep; not directly imported by design. | ai | |
| phantom-deps | phantom-dep:@contractspec/example.policy-safe-knowledge-assistant | AI (phantom-deps): Same-org monorepo workspace dep; not directly imported by design. | ai | |
| phantom-deps | phantom-dep:@contractspec/example.integration-hub | AI (phantom-deps): Same-org package; monorepo bundle pattern. | ai | |
| phantom-deps | phantom-dep:@contractspec/example.workflow-system | AI (phantom-deps): Same-org package; monorepo bundle pattern. | ai | |
| phantom-deps | phantom-dep:@contractspec/example.saas-boilerplate | AI (phantom-deps): Same-org package; monorepo bundle pattern. | ai | |
| phantom-deps | phantom-dep:@contractspec/example.ai-chat-assistant | AI (phantom-deps): Same-org package; monorepo bundle pattern. | ai | |
| phantom-deps | phantom-dep:@contractspec/example.data-grid-showcase | AI (phantom-deps): Same-org package; monorepo bundle pattern. | ai | |
| phantom-deps | phantom-dep:@contractspec/example.analytics-dashboard | AI (phantom-deps): Same-org package; monorepo bundle pattern. | ai | |
| phantom-deps | phantom-dep:@contractspec/example.visualization-showcase | AI (phantom-deps): Same-org package; monorepo bundle pattern. | ai | |
| phantom-deps | phantom-dep:@contractspec/example.learning-journey-registry | AI (phantom-deps): Same-org package; monorepo bundle pattern. | ai | |
| phantom-deps | phantom-dep:@contractspec/example.agent-console | AI (phantom-deps): Same-org package; monorepo bundle pattern. | ai | |
| phantom-deps | phantom-dep:@contractspec/example.crm-pipeline | AI (phantom-deps): Same-org package; monorepo bundle pattern. | ai | |
| phantom-deps | phantom-dep:@contractspec/example.marketplace | AI (phantom-deps): Same-org package; monorepo bundle pattern. | ai | |
| phantom-deps | phantom-dep:@contractspec/example.in-app-docs | AI (phantom-deps): Same-org package; monorepo bundle pattern. | ai | |
| phantom-deps | phantom-dep:@contractspec/lib.ui-link | AI (phantom-deps): Same-org monorepo dep; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@contractspec/lib.runtime-sandbox | AI (phantom-deps): Same-org monorepo dep; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:zod | AI (phantom-deps): Monorepo bundle; declared as peer/config dep, not directly imported. | ai | |
| phantom-deps | phantom-dep:framer-motion | AI (phantom-deps): Monorepo bundle; declared as peer/config dep, not directly imported. | ai | |
| phantom-deps | phantom-dep:react-hook-form | AI (phantom-deps): Monorepo bundle; declared as peer/config dep, not directly imported. | ai | |
| phantom-deps | phantom-dep:@hookform/resolvers | AI (phantom-deps): Monorepo bundle; declared as peer/config dep, not directly imported. | ai | |
| phantom-deps | phantom-dep:@electric-sql/pglite | AI (phantom-deps): Monorepo bundle; declared as peer/config dep, not directly imported. | ai | |
| phantom-deps | phantom-dep:@contractspec/lib.email | AI (phantom-deps): Same-org monorepo dep; stable false positive for this package. | ai |
Versions (showing 16 of 16)
| Version | Deps | Published |
|---|---|---|
| 3.8.26 | 41 / 4 | |
| 3.8.25 | 41 / 4 | |
| 3.8.24 | 41 / 4 | |
| 3.8.23 | 41 / 4 | |
| 3.8.22 | 41 / 4 | |
| 3.8.21 | 41 / 4 | |
| 3.8.20 | 38 / 4 | |
| 3.8.19 | 37 / 4 | |
| 3.8.18 | 37 / 4 | |
| 3.8.17 | 37 / 4 | |
| 3.8.16 | 37 / 4 | |
| 3.8.15 | 34 / 4 | |
| 3.8.13 | 34 / 4 | |
| 3.8.12 | 34 / 4 | |
| 3.8.11 | 34 / 4 | |
| 1.12.0 | 29 / 5 |
v3.8.26
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.8.25
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.8.24
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.8.23
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.8.18
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.12.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.