@descope/user-management-widget
Descope user management widget
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:immer | AI (phantom-deps): Bundled via @reduxjs/toolkit; not directly imported but legitimately used transitively. | ai | |
| phantom-deps | phantom-dep:tslib | AI (phantom-deps): Known implicit TypeScript runtime dep; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:reselect | AI (phantom-deps): Used via @reduxjs/toolkit; config-referenced, not directly imported. | ai | |
| phantom-deps | phantom-dep:redux-thunk | AI (phantom-deps): Used via @reduxjs/toolkit; config-referenced, not directly imported. | ai | |
| phantom-deps | phantom-dep:libphonenumber-js | AI (phantom-deps): Declared runtime dep; phantom-dep heuristic false positive for this package. | ai | |
| phantom-deps | phantom-dep:@descope/web-js-sdk | AI (phantom-deps): Same-org monorepo dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:@descope/sdk-helpers | AI (phantom-deps): Same-org monorepo dep; stable false positive. | ai | |
Versions (showing 48 of 48)
| Version | Deps | Published |
|---|---|---|
| 0.13.3 | 12 / 49 | |
| 0.13.2 | 12 / 49 | |
| 0.13.1 | 12 / 49 | |
| 0.13.0 | 12 / 49 | |
| 0.12.1 | 12 / 49 | |
| 0.12.0 | 12 / 49 | |
| 0.11.27 | 12 / 49 | |
| 0.11.26 | 12 / 49 | |
| 0.11.25 | 12 / 49 | |
| 0.11.24 | 12 / 49 | |
| 0.11.23 | 12 / 49 | |
| 0.10.1 | 12 / 49 | |
| 0.9.21 | 12 / 49 | |
| 0.9.19 | 12 / 49 | |
| 0.9.18 | 12 / 49 | |
| 0.9.17 | 12 / 49 | |
| 0.9.16 | 12 / 49 | |
| 0.9.15 | 12 / 49 | |
| 0.9.14 | 12 / 49 | |
| 0.9.13 | 12 / 49 | |
| 0.9.12 | 12 / 49 | |
| 0.9.11 | 12 / 49 | |
| 0.9.10 | 12 / 49 | |
| 0.9.9 | 12 / 49 | |
| 0.9.8 | 12 / 49 | |
| 0.9.7 | 12 / 49 | |
| 0.9.6 | 12 / 49 | |
| 0.9.5 | 12 / 49 | |
| 0.9.4 | 12 / 49 | |
| 0.9.3 | 12 / 49 | |
| 0.9.2 | 12 / 49 | |
| 0.9.1 | 12 / 49 | |
| 0.9.0 | 12 / 49 | |
| 0.8.2 | 11 / 49 | |
| 0.8.1 | 11 / 49 | |
| 0.8.0 | 11 / 48 | |
| 0.7.32 | 11 / 48 | |
| 0.7.31 | 11 / 48 | |
| 0.7.30 | 11 / 48 | |
| 0.7.29 | 11 / 48 | |
| 0.7.28 | 11 / 48 | |
| 0.7.27 | 11 / 48 | |
| 0.7.26 | 11 / 48 | |
| 0.7.25 | 11 / 48 | |
| 0.7.24 | 11 / 48 | |
| 0.7.23 | 11 / 48 | |
| 0.7.22 | 11 / 48 | |
| 0.7.21 | 11 / 48 | |
v0.13.3
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.2
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.12.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.27
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.26
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.25
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.24
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.11.23
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.10.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.21
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.19
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.18
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.17
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.16
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.15
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.14
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.13
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.12
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.11
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.9
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.7.32
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.7.31
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.7.30
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.7.29
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.7.28
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.7.27
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.7.26
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.7.25
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.7.24
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.7.23
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.7.22
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.7.21
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.