← Home

@duetds/components

npm

This package includes Duet Design System Web Components and related utilities.

6
Versions
SEE LICENSE IN LICENSE.md
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

lahitapiolalennukasimir-dkaeremannistoleodka

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff obfuscated-file:lib/dist-custom-elements/p-06deb63a.js AI (source-diff): Stencil custom elements bundle; readable duet-chip component code in sample. ai
source-diff obfuscated-file:lib/esm-es5/index-e0645409.js AI (source-diff): Standard Stencil.js minified build output for Duet Design System; consistent pattern across all versions. ai
source-diff obfuscated-file:lib/duet/p-0196e419.system.entry.js AI (source-diff): Stencil System.register bundle with visible Duet component CSS/logic; not obfuscated malware. ai
source-diff obfuscated-file:lib/duet/p-01bfa80a.entry.js AI (source-diff): Stencil ESM entry bundle; readable component logic visible in sample. ai
source-diff obfuscated-file:lib/duet/p-01c4784d.entry.js AI (source-diff): Stencil ESM entry bundle; readable component logic visible in sample. ai
source-diff obfuscated-file:lib/duet/p-021aad93.entry.js AI (source-diff): Stencil ESM entry bundle; readable component logic visible in sample. ai
source-diff obfuscated-file:lib/duet/p-02b0b46e.system.entry.js AI (source-diff): Stencil System.register bundle; readable CSS and component logic in sample. ai
source-diff obfuscated-file:lib/dist-custom-elements/p-05128e11.js AI (source-diff): Stencil custom elements bundle; readable duet-alert component code in sample. ai
source-diff large-new-source-files AI (source-diff): Component library with 688 versions; large file counts are expected for incremental Stencil builds. ai
source-diff obfuscated-file:lib/duet/p-155804fc.entry.js AI (source-diff): Stencil.js component entry bundle; minified output is expected for this package. ai
source-diff obfuscated-file:lib/esm/floating-ui.dom.browser.min-B_NkY9T0.js AI (source-diff): Minified floating-ui dependency bundle; standard build artifact for this design system package. ai
source-diff obfuscated-file:lib/cjs/floating-ui.dom.browser.min-Cj0r5YDz.js AI (source-diff): CJS variant of floating-ui bundle; same legitimate build artifact. ai
source-diff obfuscated-file:lib/duet/p-0393a2ca.entry.js AI (source-diff): Stencil.js component entry bundle; minified output is expected for this package. ai
source-diff obfuscated-file:lib/duet/p-0b8da007.entry.js AI (source-diff): Stencil.js component entry bundle; minified output is expected for this package. ai
source-diff obfuscated-file:lib/duet/p-0d2652f7.entry.js AI (source-diff): Stencil.js component entry bundle; minified output is expected for this package. ai
source-diff obfuscated-file:lib/duet/p-0f746b98.entry.js AI (source-diff): Stencil.js component entry bundle; minified output is expected for this package. ai
source-diff obfuscated-file:lib/duet/p-1061ece7.entry.js AI (source-diff): Stencil.js component entry bundle; minified output is expected for this package. ai
semgrep semgrep:dynamic-require AI (semgrep): Fires in Stencil/Vite CJS bundle lazy-load pattern; stable false positive for this package. ai
bogus-package bogus-package AI (bogus-package): Scoped component library with CJS shim entry point; no-repo/no-keywords are expected for this package structure. ai

Versions (showing 6 of 6)

Version Deps Published
10.1.0 2 / 26
10.0.0 2 / 26
9.20.0 2 / 26
9.19.1 2 / 26
9.19.0 2 / 26
9.18.0 2 / 26

v10.1.0

32 findings
HIGH Publisher changed: lahitapiola → kasimir-dka (on 2026-05-21) provenance

This version was published by a different npm account than previous versions on 2026-05-21. This could indicate a legitimate maintainer transition or an account compromise.

HIGH New obfuscated file: lib/duet/p-04c9c13e.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-0d1a4928.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-0fabcede.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-1380370e.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-140b87f4.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-141f03da.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-14d64261.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-1d8da041.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-24f206ab.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-28325583.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-2c4f4896.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-2d0eb4b5.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-30ae4852.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-320e4688.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-36d2a441.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-3a108321.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-3b52f20d.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-40956ec6.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-43f15ad6.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-4862f0c6.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-4d14780b.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-4de6cd49.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-540fc47b.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-57ba8f5f.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-581e1e08.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-5f329414.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-6043a6de.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-6662042f.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-6862c7d5.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-6b2823ed.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v10.0.0

9 findings
HIGH New obfuscated file: lib/esm/floating-ui.dom.browser.min-B_NkY9T0.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/cjs/floating-ui.dom.browser.min-Cj0r5YDz.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-0393a2ca.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-0b8da007.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-0d2652f7.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-0f746b98.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-1061ece7.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-155804fc.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v9.20.0

25 findings
HIGH New obfuscated file: lib/esm-es5/index-e0645409.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-0196e419.system.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-01bfa80a.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-01c4784d.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-021aad93.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-02b0b46e.system.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/dist-custom-elements/p-05128e11.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/dist-custom-elements/p-06deb63a.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-08bafedd.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-0a04f223.system.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-0a55a31e.system.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/dist-custom-elements/p-0af6662f.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-0b393b45.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-0b4d95a3.system.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-0d93d5d6.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-0dd9cb8f.system.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-0ea89bc3.system.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-108a8449.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-11484af4.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-1188bd88.system.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-1255ca3c.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/dist-custom-elements/p-13d994c2.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-147036df.system.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/duet/p-1640e9ef.system.entry.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v9.19.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v9.19.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v9.18.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.