@enso-ui/io

12 Versions
License
No Install Scripts
Missing Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance
npm registry signatures
gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

aocneanugandescvlad.chvraftx24manuela.mindroc

Keywords

io, vue

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
phantom-deps | phantom-dep:vuex | AI (phantom-deps): vuex is a peer/config-level dep for Vue 3 ecosystem packages; not directly imported by design. | ai |
phantom-deps | phantom-dep:vue | AI (phantom-deps): Vue is a peer dep for a Vue component library; not directly imported by design. | ai |
phantom-deps | phantom-dep:@enso-ui/ui | AI (phantom-deps): Same-org peer dep; stable false positive for this package. | ai |
phantom-deps | phantom-dep:@enso-ui/users | AI (phantom-deps): Same-org peer dep; stable false positive for this package. | ai |
phantom-deps | phantom-dep:@enso-ui/mixins | AI (phantom-deps): Same-org peer dep; stable false positive for this package. | ai |
phantom-deps | phantom-dep:@enso-ui/directives | AI (phantom-deps): Same-org peer dep; stable false positive for this package. | ai |
typosquat | typosquat.levenshtein:pino | AI (typosquat): Same as above; scoped package, not a typosquat. | ai |
phantom-deps | phantom-dep:date-fns | AI (phantom-deps): Listed as a runtime dependency; used in Vue SFC templates not directly importable by static analysis. | ai |
typosquat | typosquat.levenshtein:koa | AI (typosquat): Scoped @enso-ui package; Levenshtein match on short names is a false positive for this namespace. | ai |
phantom-deps | phantom-dep:@fortawesome/fontawesome-svg-core | AI (phantom-deps): Same as above; Vue SFC usage not detected by static import analysis. | ai |
phantom-deps | phantom-dep:@fortawesome/free-solid-svg-icons | AI (phantom-deps): Same as above; Vue SFC usage not detected by static import analysis. | ai |
phantom-deps | phantom-dep:@fortawesome/vue-fontawesome | AI (phantom-deps): UI component library; used in Vue templates, not directly imported in JS files. | ai |
typosquat | typosquat.levenshtein:got | AI (typosquat): Same as above; scoped package, not a typosquat. | ai |
typosquat | typosquat.levenshtein:pg | AI (typosquat): Same as above; scoped package, not a typosquat. | ai |
typosquat | typosquat.levenshtein:qs | AI (typosquat): Same as above; scoped package, not a typosquat. | ai |
typosquat | typosquat.levenshtein:joi | AI (typosquat): Same as above; scoped package, not a typosquat. | ai |
typosquat | typosquat.levenshtein:zod | AI (typosquat): Same as above; scoped package, not a typosquat. | ai |

Versions (showing 12 of 12)

Version | Deps | Published
3.3.10 | 4 / 9 |
3.3.9 | 4 / 10 |
3.3.8 | 4 / 10 |
3.3.7 | 4 / 10 |
3.3.6 | 4 / 6 |
3.3.5 | 4 / 6 |
3.3.4 | 8 / 2 |
3.3.3 | 10 / 0 |
3.3.1 | 10 / 0 |
3.3.0 | 10 / 0 |
3.2.0 | 10 / 0 |
3.1.3 | 10 / 9 |

v3.3.10

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.3.8

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.3.7

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.3.6

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.3.5

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.3.4

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.3.3

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.3.1

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.3.0

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.2.0

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.1.3

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.