← Home

@data-fair/app-charts

npm Homepage

A simple charts application for data-fair

8
Versions
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

albanmbonnel-nbatledev

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
phantom-deps phantom-dep:chartjs-plugin-datalabels AI (phantom-deps): Chart.js plugin; config-file usage is expected. ai
phantom-deps phantom-dep:chroma-js AI (phantom-deps): Config-file referenced; stable for this package. ai
phantom-deps phantom-dep:@vueuse/core AI (phantom-deps): Config-file referenced; stable for this package. ai
phantom-deps phantom-dep:natural-orderby AI (phantom-deps): Config-file referenced; stable for this package. ai
phantom-deps phantom-dep:@data-fair/lib-utils AI (phantom-deps): Same-org scoped dependency; typical for monorepo-style packages. ai
phantom-deps phantom-dep:@data-fair/lib-vuetify AI (phantom-deps): Same-org scoped dependency; typical for monorepo-style packages. ai
phantom-deps phantom-dep:chartjs-adapter-dayjs-4 AI (phantom-deps): Chart.js plugin; config-file usage is expected. ai
phantom-deps phantom-dep:ofetch AI (phantom-deps): Config-file referenced; stable for this package. ai
phantom-deps phantom-dep:vuetify AI (phantom-deps): UI framework; imported via config and vite plugin setup. ai
phantom-deps phantom-dep:chart.js AI (phantom-deps): Charting library; imported transitively through vue-chartjs. ai
phantom-deps phantom-dep:vue-chartjs AI (phantom-deps): Vue wrapper for chart.js; imported via config. ai
phantom-deps phantom-dep:dayjs AI (phantom-deps): Date library; imported via chart adapter config. ai
phantom-deps phantom-dep:@data-fair/lib-vue AI (phantom-deps): Same-org dependency; imported transitively through lib-vuetify. ai
phantom-deps phantom-dep:vue AI (phantom-deps): Vue framework; imported via config and transitively through app setup. ai

Versions (showing 8 of 8)

Version Deps Published
1.3.2 15 / 21
1.3.1 15 / 21
1.3.0 15 / 21
1.2.24 15 / 19
1.2.23 15 / 19
1.2.22 15 / 19
1.2.21 14 / 19
1.2.20 14 / 20

v1.3.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.3.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.3.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.2.24

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.2.23

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.2.22

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.2.21

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.2.20

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.