@djangocfg/ui-core
Pure React UI component library without Next.js dependencies - for Electron, Vite, CRA apps
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | new-deps-added | AI (publish-pattern): nextjs-toploader is a legitimate, established Next.js utility; no malicious indicators. | ai | |
| dependencies | unvetted-dep:@radix-ui/react-avatar | AI (dependencies): Official Radix UI component; stable, well-known package. | ai | |
| dependencies | unvetted-dep:@radix-ui/react-hover-card | AI (dependencies): Official Radix UI component; stable, well-known package. | ai | |
| dependencies | unvetted-dep:@web3icons/react | AI (dependencies): Legitimate web3 icon library; no malware indicators. | ai | |
| phantom-deps | phantom-dep:@hookform/resolvers | AI (phantom-deps): Likely re-exported or used indirectly in a UI library context. | ai | |
| phantom-deps | phantom-dep:@radix-ui/react-toast | AI (phantom-deps): Likely re-exported or used indirectly in a UI library context. | ai | |
| phantom-deps | phantom-dep:i18n-iso-countries | AI (phantom-deps): Likely re-exported or used indirectly in a UI library context. | ai |
Versions (showing 100 of 182)
| Version | Deps | Published |
|---|---|---|
| 2.1.431 | 50 / 8 | |
| 2.1.430 | 50 / 8 | |
| 2.1.429 | 50 / 8 | |
| 2.1.428 | 50 / 8 | |
| 2.1.427 | 50 / 8 | |
| 2.1.426 | 50 / 8 | |
| 2.1.425 | 50 / 8 | |
| 2.1.424 | 50 / 8 | |
| 2.1.423 | 50 / 8 | |
| 2.1.422 | 50 / 8 | |
| 2.1.421 | 50 / 8 | |
| 2.1.420 | 50 / 8 | |
| 2.1.419 | 50 / 8 | |
| 2.1.418 | 50 / 8 | |
| 2.1.417 | 50 / 8 | |
| 2.1.416 | 50 / 8 | |
| 2.1.415 | 50 / 8 | |
| 2.1.413 | 50 / 8 | |
| 2.1.412 | 50 / 8 | |
| 2.1.411 | 50 / 8 | |
| 2.1.409 | 50 / 8 | |
| 2.1.408 | 50 / 8 | |
| 2.1.407 | 49 / 8 | |
| 2.1.404 | 49 / 8 | |
| 2.1.402 | 49 / 8 | |
| 2.1.400 | 49 / 8 | |
| 2.1.399 | 49 / 8 | |
| 2.1.397 | 49 / 8 | |
| 2.1.395 | 49 / 8 | |
| 2.1.394 | 49 / 8 | |
| 2.1.393 | 49 / 8 | |
| 2.1.390 | 49 / 8 | |
| 2.1.389 | 49 / 8 | |
| 2.1.387 | 49 / 8 | |
| 2.1.385 | 49 / 8 | |
| 2.1.384 | 49 / 8 | |
| 2.1.383 | 49 / 8 | |
| 2.1.382 | 49 / 9 | |
| 2.1.381 | 49 / 9 | |
| 2.1.380 | 49 / 9 | |
| 2.1.379 | 49 / 9 | |
| 2.1.378 | 49 / 9 | |
| 2.1.377 | 49 / 9 | |
| 2.1.376 | 49 / 9 | |
| 2.1.375 | 49 / 9 | |
| 2.1.374 | 49 / 9 | |
| 2.1.373 | 49 / 9 | |
| 2.1.372 | 49 / 9 | |
| 2.1.371 | 49 / 9 | |
| 2.1.369 | 49 / 9 | |
| 2.1.368 | 49 / 9 | |
| 2.1.367 | 49 / 9 | |
| 2.1.366 | 49 / 9 | |
| 2.1.365 | 49 / 9 | |
| 2.1.364 | 49 / 9 | |
| 2.1.363 | 49 / 9 | |
| 2.1.362 | 49 / 9 | |
| 2.1.361 | 49 / 9 | |
| 2.1.360 | 49 / 9 | |
| 2.1.334 | 48 / 9 | |
| 2.1.327 | 48 / 9 | |
| 2.1.225 | 47 / 8 | |
| 2.1.224 | 47 / 8 | |
| 2.1.223 | 47 / 8 | |
| 2.1.222 | 47 / 8 | |
| 2.1.221 | 47 / 8 | |
| 2.1.219 | 47 / 8 | |
| 2.1.218 | 47 / 8 | |
| 2.1.217 | 47 / 8 | |
| 2.1.216 | 47 / 8 | |
| 2.1.215 | 47 / 8 | |
| 2.1.213 | 47 / 8 | |
| 2.1.212 | 47 / 8 | |
| 2.1.210 | 47 / 8 | |
| 2.1.209 | 47 / 8 | |
| 2.1.208 | 47 / 8 | |
| 2.1.207 | 47 / 8 | |
| 2.1.206 | 47 / 8 | |
| 2.1.205 | 47 / 8 | |
| 2.1.204 | 47 / 8 | |
| 2.1.203 | 47 / 8 | |
| 2.1.202 | 47 / 8 | |
| 2.1.201 | 47 / 8 | |
| 2.1.200 | 47 / 8 | |
| 2.1.198 | 47 / 8 | |
| 2.1.197 | 47 / 8 | |
| 2.1.196 | 47 / 8 | |
| 2.1.194 | 47 / 8 | |
| 2.1.193 | 47 / 8 | |
| 2.1.192 | 47 / 8 | |
| 2.1.191 | 47 / 8 | |
| 2.1.190 | 47 / 8 | |
| 2.1.189 | 47 / 8 | |
| 2.1.188 | 47 / 8 | |
| 2.1.187 | 47 / 8 | |
| 2.1.186 | 47 / 8 | |
| 2.1.185 | 47 / 8 | |
| 2.1.184 | 47 / 8 | |
| 2.1.183 | 47 / 8 | |
| 2.1.182 | 47 / 8 |
v2.1.431
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.430
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.429
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.428
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.427
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.426
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.425
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.424
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.423
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.422
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.421
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.420
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.419
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.418
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.417
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.416
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.415
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.413
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.412
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.411
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.409
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.408
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.407
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.404
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.402
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.400
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.399
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.397
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.395
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.394
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.393
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.390
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.389
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.387
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.385
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.384
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.383
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.382
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.381
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.380
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.379
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.378
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.377
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.376
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.375
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.374
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.373
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.372
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.371
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.369
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.368
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.367
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.366
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.365
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.364
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.363
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.362
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.361
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.360
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.225
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.224
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.223
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.222
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.221
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.219
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.218
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.217
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.216
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.215
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.213
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.212
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.210
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.209
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.208
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.207
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.206
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.205
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.204
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.203
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.202
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.201
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.200
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.198
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.197
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.196
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.194
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.193
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.192
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.191
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.190
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.189
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.188
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.187
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.186
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.185
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.184
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.183
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.182
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.