← Home

@contractspec/lib.ui-kit

npm Repository Homepage

Cross-platform UI components for React Native and web

51
Versions
MIT
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

farzim

Keywords

contractspecuicomponentsreact-nativeexpotypescript

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
phantom-deps phantom-dep:echarts AI (phantom-deps): UI kit with charting support; config-file reference is expected peer-dep pattern. ai
phantom-deps phantom-dep:@react-native-community/datetimepicker AI (phantom-deps): Platform-specific RN peer dep; stable pattern. ai
phantom-deps phantom-dep:react-native-safe-area-context AI (phantom-deps): Platform-specific RN peer dep; stable pattern. ai
phantom-deps phantom-dep:react-native-gesture-handler AI (phantom-deps): Platform-specific RN peer dep; stable pattern. ai
phantom-deps phantom-dep:@rn-primitives/aspect-ratio AI (phantom-deps): RN primitives peer dep; stable pattern for this UI kit. ai
phantom-deps phantom-dep:@wuba/react-native-echarts AI (phantom-deps): Platform-specific RN charting peer dep; stable pattern. ai
phantom-deps phantom-dep:@rn-primitives/collapsible AI (phantom-deps): RN primitives peer dep; stable pattern for this UI kit. ai
phantom-deps phantom-dep:react-native-reanimated AI (phantom-deps): Platform-specific RN peer dep; stable pattern. ai
phantom-deps phantom-dep:@rn-primitives/checkbox AI (phantom-deps): RN primitives peer dep; stable pattern for this UI kit. ai
phantom-deps phantom-dep:@rn-primitives/tabs AI (phantom-deps): RN primitives are peer deps for this React Native UI kit. ai
phantom-deps phantom-dep:@rn-primitives/slot AI (phantom-deps): RN primitives are peer deps for this React Native UI kit. ai
phantom-deps phantom-dep:lucide-react AI (phantom-deps): Icon library referenced in config; stable peer-dep pattern for this UI kit. ai
phantom-deps phantom-dep:nativewind AI (phantom-deps): React Native UI kit; nativewind is a standard styling peer dep. ai
phantom-deps phantom-dep:expo-linear-gradient AI (phantom-deps): Platform-specific Expo dep; config-only reference, stable false positive. ai
phantom-deps phantom-dep:@react-native-async-storage/async-storage AI (phantom-deps): Platform-specific RN binary; stable false positive. ai
phantom-deps phantom-dep:react-native-device-info AI (phantom-deps): Platform-specific RN binary; stable false positive. ai
phantom-deps phantom-dep:react-native-localize AI (phantom-deps): Platform-specific RN binary; stable false positive. ai
phantom-deps phantom-dep:expo-build-properties AI (phantom-deps): Build-config-only Expo dep; stable false positive. ai
phantom-deps phantom-dep:@rn-primitives/portal AI (phantom-deps): Config-only reference in cross-platform UI kit; stable false positive. ai
phantom-deps phantom-dep:react-native-screens AI (phantom-deps): Platform-specific RN binary; stable false positive for this package. ai
phantom-deps phantom-dep:tailwindcss-animate AI (phantom-deps): Config-only reference in a cross-platform UI kit; stable false positive. ai
source-diff obfuscated-file:dist/browser/ui/input-otp.js AI (source-diff): Standard Bun-minified React Native UI component; no malicious patterns. ai
source-diff obfuscated-file:dist/browser/ui/combobox.js AI (source-diff): Standard Bun-minified React Native UI component; no malicious patterns. ai
source-diff obfuscated-file:dist/browser/ui/input-group.js AI (source-diff): Standard Bun-minified React Native UI component; no malicious patterns. ai
source-diff obfuscated-file:dist/browser/ui/native-select.js AI (source-diff): Standard Bun-minified React Native UI component; no malicious patterns. ai
source-diff obfuscated-file:dist/ui/combobox.js AI (source-diff): Standard Bun-minified React Native UI component; no malicious patterns. ai
source-diff obfuscated-file:dist/ui/input-group.js AI (source-diff): Standard Bun-minified React Native UI component; no malicious patterns. ai
source-diff obfuscated-file:dist/ui/input-otp.js AI (source-diff): Standard Bun-minified React Native UI component; no malicious patterns. ai
source-diff obfuscated-file:dist/ui/native-select.js AI (source-diff): Standard Bun-minified React Native UI component; no malicious patterns. ai
phantom-deps phantom-dep:expo AI (phantom-deps): Expo/RN UI kit; expo is a peer/platform dep referenced in config, not directly imported. ai
phantom-deps phantom-dep:expo-navigation-bar AI (phantom-deps): Expo platform dep; config-referenced pattern. ai
phantom-deps phantom-dep:expo-device AI (phantom-deps): Expo platform dep; config-referenced pattern stable for this package. ai
phantom-deps phantom-dep:react-dom AI (phantom-deps): Web target peer dep for cross-platform UI kit. ai
phantom-deps phantom-dep:burnt AI (phantom-deps): Platform-specific dep for RN toast notifications; config-referenced pattern. ai
phantom-deps phantom-dep:expo-secure-store AI (phantom-deps): Expo platform dep; config-referenced pattern. ai
phantom-deps phantom-dep:expo-localization AI (phantom-deps): Expo platform dep; config-referenced pattern. ai
phantom-deps phantom-dep:react-native-web AI (phantom-deps): Platform-specific dep for web target; stable false positive. ai
phantom-deps phantom-dep:react-native-svg AI (phantom-deps): Platform-specific binary dep for RN; stable false positive for this package. ai
phantom-deps phantom-dep:expo-web-browser AI (phantom-deps): Expo platform dep; config-referenced pattern. ai
phantom-deps phantom-dep:expo-file-system AI (phantom-deps): Expo platform dep; config-referenced pattern. ai
phantom-deps phantom-dep:expo-application AI (phantom-deps): Expo platform dep; config-referenced pattern. ai
phantom-deps phantom-dep:expo-status-bar AI (phantom-deps): Expo platform dep; config-referenced pattern. ai
phantom-deps phantom-dep:expo-dev-client AI (phantom-deps): Expo platform dep; config-referenced pattern. ai
phantom-deps phantom-dep:expo-system-ui AI (phantom-deps): Expo platform dep; config-referenced pattern. ai
phantom-deps phantom-dep:expo-constants AI (phantom-deps): Expo platform dep; config-referenced pattern. ai
phantom-deps phantom-dep:expo-updates AI (phantom-deps): Expo platform dep; config-referenced pattern. ai
phantom-deps phantom-dep:expo-linking AI (phantom-deps): Expo platform dep; config-referenced pattern. ai
phantom-deps phantom-dep:tailwindcss AI (phantom-deps): Build-time styling dep; config-referenced, not directly imported. ai
phantom-deps phantom-dep:expo-splash-screen AI (phantom-deps): Expo platform dep; config-referenced pattern. ai
phantom-deps phantom-dep:@react-navigation/native AI (phantom-deps): Config-only reference in a React Native UI kit. ai
phantom-deps phantom-dep:tailwind-merge AI (phantom-deps): Config-only reference; consistent with tailwind-based UI kit pattern. ai
phantom-deps phantom-dep:react-use AI (phantom-deps): Config-only reference in a React Native UI kit; not a real missing import. ai
phantom-deps phantom-dep:@contractspec/lib.contracts-spec AI (phantom-deps): Same-org dep; phantom-dep heuristic unreliable for monorepo packages. ai

Versions (showing 51 of 79)

View all versions
Version Deps Published
4.1.6 8 / 75
4.1.5 8 / 75
4.1.4 8 / 75
4.1.3 8 / 75
4.1.2 8 / 75
4.1.1 8 / 75
4.1.0 8 / 75
4.0.1 8 / 76
4.0.0 8 / 76
3.9.3 79 / 5
3.9.1 78 / 5
3.9.0 78 / 5
3.8.10 75 / 5
3.8.9 75 / 5
3.8.8 75 / 5
3.8.7 75 / 5
3.8.6 75 / 5
3.8.5 75 / 5
3.8.3 75 / 5
3.8.0 75 / 5
3.7.6 71 / 5
3.7.5 71 / 5
3.7.4 71 / 5
3.7.3 71 / 5
3.7.1 71 / 5
3.7.0 71 / 5
3.6.0 71 / 5
3.5.5 71 / 5
3.5.4 71 / 5
3.5.3 71 / 5
3.5.2 71 / 5
3.5.0 71 / 5
3.4.3 71 / 5
3.4.2 71 / 5
3.4.1 71 / 5
3.4.0 71 / 5
3.3.0 71 / 5
3.2.0 71 / 5
3.1.1 71 / 5
3.0.0 71 / 5
2.9.0 71 / 5
2.8.0 71 / 5
2.7.0 71 / 5
2.6.0 71 / 5
2.5.0 71 / 5
2.4.0 71 / 5
2.3.0 71 / 5
2.2.0 71 / 5
2.1.0 71 / 5
2.0.0 71 / 5
1.62.0 71 / 5

v4.1.6

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.1.5

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.9.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.8.9

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.8.8

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.8.7

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.8.6

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.8.5

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.8.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.8.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.7.6

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.7.5

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.7.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.7.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.7.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.7.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.6.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.5.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.5.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.5.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.5.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.5.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.4.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.4.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.4.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.4.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.3.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.2.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.1.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.9.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.8.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.7.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.6.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.5.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.4.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.3.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.2.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.62.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.