← Home

@doist/ui-extensions-core

npm Repository Homepage
2
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

ricardoisthenningmujvalenteantondoistjefcurtisdoistbotfbiduernestodoist

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
bogus-package bogus-package AI (bogus-package): Scoped internal library from Doist org; sparse README and no keywords are expected for this type of package. ai

Versions (showing 2 of 2)

Version Deps Published
5.1.2 1 / 0
5.0.0 1 / 0

v5.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.