← Home

@dwidge/json-schema-form-rnw

npm Repository Homepage

A JSON schema form implementation for React Native Web.

43
Versions
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

dwidgedev

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
provenance missing-githead AI (provenance): Publisher has a clean track record (159 approved, 0 rejected). Missing gitHead likely reflects a CI/CD environment change, not a supply chain compromise. Package has no install scripts or suspicious code. ai
bogus-package bogus-package AI (bogus-package): Scoped utility package from established publisher; sparse README and no keywords are normal for @dwidge/* packages. ai
provenance no-provenance AI (provenance): Individual developer publishing without CI/CD provenance; consistent with publisher's other 200 approved packages. ai
phantom-deps phantom-dep:react-native-web AI (phantom-deps): Platform-specific binary package; correctly declared and used by dependent packages in this ecosystem. ai
phantom-deps phantom-dep:assert AI (phantom-deps): assert is a legitimate polyfill dependency for Node.js compatibility; commonly declared but indirectly used. ai
phantom-deps phantom-dep:@rneui/base AI (phantom-deps): Platform-specific dependency used by @rneui/themed; normal pattern in React Native Web packages. ai
maintainer-change maintainer-takeover AI (maintainer-change): dwidge→dwidgedev transition is within the same namespace/GitHub org; consistent with a developer account rename. Publisher dwidgedev has a clean 159-approved track record. ai
provenance publisher-changed AI (provenance): Publisher change aligns with same-namespace account migration (dwidge→dwidgedev); no external actor involved. ai
maintainer-change maintainer-added AI (maintainer-change): New maintainer dwidgedev is the same developer under a renamed account within the same @dwidge namespace. ai
maintainer-change maintainer-removed AI (maintainer-change): Removal of dwidge is consistent with account consolidation to dwidgedev; same namespace owner. ai
dependencies unvetted-dep:assert AI (dependencies): assert is a well-known Node.js core polyfill package; legitimate dependency for a form validation library. ai
dependencies unvetted-dep:ajv-errors AI (dependencies): ajv-errors is a standard AJV ecosystem plugin for custom error messages; no security concern. ai
dependencies unvetted-dep:ajv-formats AI (dependencies): ajv-formats is a standard AJV ecosystem plugin for format validation; no security concern. ai
dependencies unvetted-dep:@rneui/base AI (dependencies): React Native Elements UI library; well-known and expected for a React Native Web form component package. ai
dependencies unvetted-dep:@rneui/themed AI (dependencies): React Native Elements themed package; well-known and expected for a React Native Web form component package. ai
dependencies unvetted-dep:react-native-web AI (dependencies): react-native-web is the canonical web target for React Native; expected dependency for an RNW library. ai

Versions (showing 43 of 43)

Version Deps Published
0.0.46 0 / 5
0.0.45 0 / 5
0.0.43 0 / 5
0.0.42 0 / 5
0.0.41 0 / 5
0.0.40 0 / 5
0.0.39 0 / 5
0.0.38 0 / 5
0.0.37 0 / 5
0.0.36 0 / 5
0.0.35 0 / 5
0.0.34 0 / 5
0.0.33 0 / 5
0.0.32 0 / 5
0.0.31 0 / 5
0.0.29 0 / 5
0.0.28 0 / 5
0.0.27 0 / 5
0.0.26 0 / 5
0.0.25 0 / 5
0.0.24 0 / 5
0.0.23 0 / 5
0.0.22 0 / 5
0.0.21 0 / 5
0.0.20 0 / 5
0.0.19 0 / 5
0.0.18 0 / 5
0.0.17 0 / 5
0.0.16 0 / 5
0.0.15 0 / 5
0.0.14 0 / 5
0.0.13 0 / 5
0.0.12 0 / 5
0.0.11 0 / 5
0.0.10 0 / 5
0.0.9 0 / 5
0.0.8 0 / 5
0.0.7 0 / 5
0.0.6 0 / 5
0.0.5 0 / 5
0.0.3 11 / 5
0.0.2 0 / 5
0.0.1 11 / 5