@developer-overheid-nl/proprietary-example See LICENSE.md 2 versions

@developer-overheid-nl/proprietary-example

npm

Placeholder assets for the proprietary assets for register sites based of the template register site

Versions

See LICENSE.md

License

Install Scripts

Missing

Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

joostfarlapasibunsetonix

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
bogus-package	bogus-package	AI (bogus-package): Package is an intentional placeholder/template stub; sparse metadata is by design, not spam.	ai	2026/04/30
phantom-deps	phantom-dep:react	AI (phantom-deps): React is a peer/config dependency for the template; not directly imported by design.	ai	2026/04/30
phantom-deps	phantom-dep:react-dom	AI (phantom-deps): react-dom is a peer/config dependency for the template; not directly imported by design.	ai	2026/04/30
phantom-deps	phantom-dep:@fontsource/fira-sans	AI (phantom-deps): Font package referenced in CSS config, not directly imported in JS; expected pattern for font assets.	ai	2026/04/30

Versions (showing 2 of 2)

Version	Deps	Published
1.1.0	3 / 2	2026-04-28
1.0.0	3 / 2	2026-02-11

v1.1.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.