@enso-ui/files
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:vuex | AI (phantom-deps): Vuex is a peer dep; same pattern as vue for this Vue component library. | ai | |
| phantom-deps | phantom-dep:@enso-ui/mixins | AI (phantom-deps): Same-org component dep; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@enso-ui/clipboard | AI (phantom-deps): Same-org component dep; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@enso-ui/directives | AI (phantom-deps): Same-org component dep; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@enso-ui/confirmation | AI (phantom-deps): Same-org component dep; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:vue | AI (phantom-deps): Vue is a peer/config dep for a Vue component library; not directly imported in source is expected. | ai | |
| phantom-deps | phantom-dep:lodash | AI (phantom-deps): Utility dep referenced in config; phantom-dep false positive for this package. | ai | |
| phantom-deps | phantom-dep:@enso-ui/tabs | AI (phantom-deps): Same-org component dep; phantom-dep heuristic unreliable for Vue SFC component libraries. | ai | |
| phantom-deps | phantom-dep:@enso-ui/modal | AI (phantom-deps): Same-org component dep; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@enso-ui/filters | AI (phantom-deps): Same-org component dep; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@enso-ui/uploader | AI (phantom-deps): Same-org component dep; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@fortawesome/free-regular-svg-icons | AI (phantom-deps): Config-file reference in Vue library; stable pattern across versions. | ai | |
| phantom-deps | phantom-dep:lodash-es | AI (phantom-deps): Config-file reference in Vue library; stable pattern across versions. | ai | |
| phantom-deps | phantom-dep:@fortawesome/vue-fontawesome | AI (phantom-deps): Config-file reference in Vue library; stable pattern across versions. | ai | |
Versions (showing 21 of 21)
| Version | Deps | Published |
|---|---|---|
| 5.4.19 | 5 / 19 | |
| 5.4.18 | 5 / 19 | |
| 5.4.17 | 5 / 19 | |
| 5.4.16 | 5 / 19 | |
| 5.4.15 | 5 / 19 | |
| 5.4.14 | 5 / 19 | |
| 5.4.13 | 5 / 19 | |
| 5.4.12 | 5 / 19 | |
| 5.4.11 | 5 / 19 | |
| 5.4.10 | 5 / 19 | |
| 5.4.9 | 5 / 19 | |
| 5.4.8 | 5 / 17 | |
| 5.4.7 | 5 / 17 | |
| 5.4.6 | 5 / 11 | |
| 5.4.5 | 5 / 11 | |
| 5.4.1 | 16 / 0 | |
| 5.3.0 | 16 / 0 | |
| 5.2.5 | 15 / 9 | |
| 5.2.4 | 15 / 9 | |
| 5.2.2 | 15 / 9 | |
| 5.2.0 | 15 / 9 | |
v5.4.19
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.4.18
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.4.17
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.4.16
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.4.15
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v5.4.14
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v5.4.13
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v5.4.12
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v5.4.11
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v5.4.10
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v5.4.9
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v5.4.8
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v5.4.7
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v5.4.6
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v5.4.5
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v5.4.1
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v5.3.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v5.2.5
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v5.2.4
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v5.2.2
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v5.2.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.