@draftbit/ui — Greenflagged

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

adnelsonbluerssenyoussefhennas0lastersieuhuflitspiritanand

react-nativeiosandroid

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
typosquat	typosquat.levenshtein:uuid	AI (typosquat): Scoped package @draftbit/ui; Levenshtein match to 'uuid' is a false positive.	ai	2026/05/23
typosquat	typosquat.levenshtein:pg	AI (typosquat): Scoped package @draftbit/ui; Levenshtein match to 'pg' is a false positive.	ai	2026/05/23
typosquat	typosquat.levenshtein:qs	AI (typosquat): Scoped package @draftbit/ui; Levenshtein match to 'qs' is a false positive.	ai	2026/05/23
typosquat	typosquat.levenshtein:joi	AI (typosquat): Scoped package @draftbit/ui; Levenshtein match to 'joi' is a false positive.	ai	2026/05/23
typosquat	typosquat.levenshtein:yup	AI (typosquat): Scoped package @draftbit/ui; Levenshtein match to 'yup' is a false positive.	ai	2026/05/23
phantom-deps	phantom-dep:react-native-reanimated	AI (phantom-deps): react-native-reanimated is a declared runtime dep; platform-specific binary flagged as phantom is a known false positive for RN packages.	ai	2026/05/23

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.