
@edifice.io/react

Edifice React Library

Versions: 37
License: AGPL-3.0
Install Scripts: No
Provenance: Missing

Supply chain provenance

Status for the latest visible version.

No SLSA provenance | npm registry signatures | gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

wsejenkins

Keywords

react, frontend, components, library, ui

Accepted risks

Findings the reviewer chose to accept rather than block on.

| Source | Rule | Reason | Accepted by | When |
| --- | --- | --- | --- | --- |
| dependencies | unvetted-dep:@screeb/sdk-react | AI (dependencies): @screeb/sdk-react is a legitimate analytics SDK; its use aligns with the package's existing audience module. | ai | |
| source-diff | obfuscated-file:dist/modules/icons/components/apps/IconMinetest.js | AI (source-diff): SVGR-generated minified SVG React component; long lines are expected for inline SVG path data. | ai | |
| phantom-deps | phantom-dep:@tiptap/extension-horizontal-rule | AI (phantom-deps): Tiptap extension declared as dependency but consumed via starter-kit or config; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@tiptap/extension-code | AI (phantom-deps): Tiptap extension; used via config, not direct import. | ai | |
| phantom-deps | phantom-dep:@tiptap/extension-link | AI (phantom-deps): Tiptap extension; used via config, not direct import. | ai | |
| phantom-deps | phantom-dep:@tiptap/extension-image | AI (phantom-deps): Tiptap extension; used via config, not direct import. | ai | |
| phantom-deps | phantom-dep:@tiptap/extension-italic | AI (phantom-deps): Tiptap extension; used via config, not direct import. | ai | |
| phantom-deps | phantom-dep:@tiptap/extension-strike | AI (phantom-deps): Tiptap extension; used via config, not direct import. | ai | |
| phantom-deps | phantom-dep:@tiptap/extension-heading | AI (phantom-deps): Tiptap extension; used via config, not direct import. | ai | |
| phantom-deps | phantom-dep:@tiptap/extension-history | AI (phantom-deps): Tiptap extension; used via config, not direct import. | ai | |
| phantom-deps | phantom-dep:@tiptap/extension-gapcursor | AI (phantom-deps): Tiptap extension; used via config, not direct import. | ai | |
| phantom-deps | phantom-dep:pako | AI (phantom-deps): Used indirectly; declared for transitive dependency management. | ai | |
| phantom-deps | phantom-dep:@tiptap/extension-list-item | AI (phantom-deps): Tiptap extension; used via config, not direct import. | ai | |
| phantom-deps | phantom-dep:@tiptap/extension-blockquote | AI (phantom-deps): Tiptap extension; used via config, not direct import. | ai | |
| phantom-deps | phantom-dep:@tiptap/extension-code-block | AI (phantom-deps): Tiptap extension; used via config, not direct import. | ai | |
| phantom-deps | phantom-dep:@tiptap/extension-dropcursor | AI (phantom-deps): Tiptap extension; used via config, not direct import. | ai | |
| phantom-deps | phantom-dep:@tiptap/extension-hard-break | AI (phantom-deps): Tiptap extension; used via config, not direct import. | ai | |
| phantom-deps | phantom-dep:@tiptap/extension-table-cell | AI (phantom-deps): Tiptap extension; used via config, not direct import. | ai | |
| phantom-deps | phantom-dep:@tiptap/extension-bullet-list | AI (phantom-deps): Tiptap extension; used via config, not direct import. | ai | |
| phantom-deps | phantom-dep:@tiptap/extension-ordered-list | AI (phantom-deps): Tiptap extension; used via config, not direct import. | ai | |
| phantom-deps | phantom-dep:@tiptap/extension-highlight | AI (phantom-deps): Tiptap extension; used via config, not direct import. | ai | |
| phantom-deps | phantom-dep:@popperjs/core | AI (phantom-deps): Indirect dependency of react-popper; declared for stability. | ai | |
| phantom-deps | phantom-dep:@ant-design/icons | AI (phantom-deps): Re-exported from antd; declared for direct access. | ai | |

Versions (showing 37 of 37)

Version Deps Published
2.5.22 64 / 30
2.5.21 63 / 30
2.5.20 63 / 30
2.5.19 63 / 30
2.5.18 65 / 30
2.5.17 65 / 30
2.5.16 65 / 30
2.5.15 65 / 30
2.5.14 65 / 30
2.5.13 65 / 30
2.5.12 65 / 30
2.5.10 65 / 30
2.5.9 64 / 30
2.5.8 64 / 30
2.5.6 63 / 30
2.5.5 63 / 30
2.5.4 63 / 30
2.5.3 63 / 30
2.5.2 61 / 30
2.5.1 61 / 30
2.5.0 61 / 30
2.4.2 61 / 30
2.4.1 61 / 30
2.4.0 61 / 30
2.3.2 60 / 30
2.3.1 60 / 30
2.3.0 60 / 30
2.2.14 60 / 30
2.2.13 60 / 30
2.2.12 60 / 30
2.2.11 60 / 30
2.2.10 48 / 30
2.2.9 48 / 30
2.2.8 48 / 30
2.2.7 48 / 30
2.2.6 48 / 30
2.2.5 48 / 30

v2.5.22

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.5.21

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.5.20

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.5.19

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.5.18

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.5.17

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.5.16

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.5.15

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.5.14

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.5.13

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.5.12

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.5.10

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.5.9

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.5.8

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.5.6

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.5.5

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.5.4

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.5.3

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.5.2

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.5.1

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.5.0

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.4.2

2 findings
HIGH | New obfuscated file: dist/modules/icons/components/apps/IconMinetest.js | source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.4.1

2 findings
HIGH | New obfuscated file: dist/modules/icons/components/apps/IconMinetest.js | source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.4.0

2 findings
HIGH | New obfuscated file: dist/modules/icons/components/apps/IconMinetest.js | source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.3.2

2 findings
HIGH | New obfuscated file: dist/modules/icons/components/apps/IconMinetest.js | source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.3.1

2 findings
HIGH | New obfuscated file: dist/modules/icons/components/apps/IconMinetest.js | source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.3.0

2 findings
HIGH | New obfuscated file: dist/modules/icons/components/apps/IconMinetest.js | source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.2.14

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.2.13

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.2.12

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.2.11

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.2.10

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.2.9

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.2.8

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.2.7

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.2.6

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.2.5

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.