@deijose/nix-js — Greenflagged

A lightweight, fully reactive micro-framework — no virtual DOM, no compiler, just signals and tagged templates.

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

deijose

Keywords

reactivesignalsmicro-frameworkuidomtypescriptno-vdomfrontend

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	no-provenance	AI (provenance): Small personal package; lack of Sigstore provenance is consistent across versions and not a disqualifier here.	ai	2026/05/05
source-diff	obfuscated-file:dist/lib/devtools.cjs	AI (source-diff): Terser-minified build output per build:lib script; content is framework devtools logic.	ai	2026/05/01
source-diff	obfuscated-file:dist/lib/signals.cjs	AI (source-diff): Terser-minified build output; content is signals/reactivity logic.	ai	2026/05/01
source-diff	obfuscated-file:dist/lib/devtools.js	AI (source-diff): Terser-minified build output; ESM variant of devtools.	ai	2026/05/01
source-diff	obfuscated-file:dist/lib/signals.js	AI (source-diff): Terser-minified build output; ESM variant of signals.	ai	2026/05/01
source-diff	large-new-source-files	AI (source-diff): 26 new files match the expanded exports map in package.json; expected for a major version bump.	ai	2026/05/01
source-diff	obfuscated-file:dist/lib/form.cjs	AI (source-diff): Terser minification via build:lib script; content is form validation logic, not malicious.	ai	2026/05/01
source-diff	obfuscated-file:dist/lib/router.cjs	AI (source-diff): Terser minification via build:lib script; content is router logic, not malicious.	ai	2026/05/01
source-diff	obfuscated-file:dist/lib/template2.cjs	AI (source-diff): Terser minification via build:lib script; content is template/component lifecycle logic.	ai	2026/05/01
source-diff	obfuscated-file:dist/lib/form.js	AI (source-diff): Terser minification via build:lib script; ESM equivalent of form.cjs.	ai	2026/05/01
source-diff	obfuscated-file:dist/lib/router.js	AI (source-diff): Terser minification via build:lib script; ESM equivalent of router.cjs.	ai	2026/05/01
source-diff	obfuscated-file:dist/lib/template2.js	AI (source-diff): Terser minification via build:lib script; ESM equivalent of template2.cjs.	ai	2026/05/01

Versions (showing 51 of 77)

View all versions

Version	Deps	Published
2.4.6	0 / 6	2026-04-28
2.4.5	0 / 6	2026-04-28
2.4.4	0 / 6	2026-04-28
2.4.3	0 / 6	2026-04-28
2.4.2	0 / 6	2026-04-28
2.4.1	0 / 6	2026-04-28
2.4.0	0 / 6	2026-04-28
2.3.0	0 / 6	2026-04-28
2.2.2	0 / 6	2026-04-17
2.2.1	0 / 6	2026-04-17
2.2.0	0 / 6	2026-04-16
2.1.0	0 / 6	2026-04-12
2.0.2	0 / 6	2026-04-08
2.0.1	0 / 6	2026-04-08
2.0.0	0 / 6	2026-04-08
1.9.7	0 / 6	2026-04-08
1.9.5	0 / 6	2026-04-08
1.9.4	0 / 6	2026-04-08
1.9.3	0 / 6	2026-04-08
1.9.2	0 / 6	2026-04-08
1.9.1	0 / 6	2026-04-08
1.9.0	0 / 6	2026-04-08
1.8.1	0 / 6	2026-04-07
1.8.0	0 / 5	2026-04-07
1.7.9	0 / 5	2026-03-19
1.7.8	0 / 5	2026-03-19
1.7.7	0 / 5	2026-03-17
1.7.6	0 / 5	2026-03-16
1.7.5	0 / 5	2026-03-16
1.7.3	0 / 5	2026-03-14
1.7.2	0 / 5	2026-03-13
1.7.1	0 / 5	2026-03-13
1.7.0	0 / 5	2026-03-13
1.6.1	0 / 5	2026-03-13
1.6.0	0 / 5	2026-03-13
1.5.9	0 / 5	2026-03-13
1.5.8	0 / 5	2026-03-13
1.5.7	0 / 5	2026-03-13
1.5.6	0 / 5	2026-03-12
1.5.5	0 / 5	2026-03-12
1.5.4	0 / 5	2026-03-12
1.5.3	0 / 5	2026-03-12
1.5.2	0 / 5	2026-03-12
1.5.0	0 / 5	2026-03-11
1.4.0	0 / 5	2026-03-11
1.3.0	0 / 5	2026-03-10
1.2.0	0 / 5	2026-03-10
1.1.3	0 / 5	2026-03-08
1.1.2	0 / 5	2026-03-08
1.1.1	0 / 5	2026-03-08
1.1.0	0 / 5	2026-03-08