@esri/calcite-components
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/cdn/7DBM34FB.js | AI (source-diff): Minified CDN build output for UI components. | ai | |
| source-diff | obfuscated-file:dist/cdn/6UERLWMH.js | AI (source-diff): Minified CDN build output for UI components. | ai | |
| source-diff | obfuscated-file:dist/cdn/6XE2EP66.js | AI (source-diff): Minified CDN build output for UI components. | ai | |
| source-diff | obfuscated-file:dist/cdn/6ZUCCZI3.js | AI (source-diff): Minified CDN build output for UI components. | ai | |
| source-diff | obfuscated-file:dist/cdn/75ARST2G.js | AI (source-diff): Minified CDN build output for UI components. | ai | |
| source-diff | large-new-source-files | AI (source-diff): CDN build output with content-hashed filenames; new files expected on major version bumps. | ai | |
| source-diff | obfuscated-file:dist/cdn/2I4IL7KB.js | AI (source-diff): Minified CDN build output for UI components; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/cdn/2P5ISR6V.js | AI (source-diff): Minified CDN build output for UI components. | ai | |
| source-diff | obfuscated-file:dist/cdn/2TVQXBLD.js | AI (source-diff): Minified CDN build output for UI components. | ai | |
| source-diff | obfuscated-file:dist/cdn/2VKTPJWO.js | AI (source-diff): Minified CDN build output for UI components. | ai | |
| source-diff | obfuscated-file:dist/cdn/3GDRQKT2.js | AI (source-diff): Minified CDN build output for UI components. | ai | |
| source-diff | obfuscated-file:dist/cdn/3IM4BLOF.js | AI (source-diff): Minified CDN build output for UI components. | ai | |
| source-diff | obfuscated-file:dist/cdn/4A2BNZJW.js | AI (source-diff): Minified CDN build output for UI components. | ai | |
| source-diff | obfuscated-file:dist/cdn/4ANP3V6G.js | AI (source-diff): Minified CDN build output for UI components. | ai | |
| source-diff | obfuscated-file:dist/cdn/4V5C3DSP.js | AI (source-diff): Minified CDN build output for UI components. | ai | |
| source-diff | obfuscated-file:dist/cdn/54WP47EN.js | AI (source-diff): Minified CDN build output for UI components. | ai | |
| source-diff | obfuscated-file:dist/cdn/5C72Z4LQ.js | AI (source-diff): Minified CDN build output for UI components. | ai | |
| source-diff | obfuscated-file:dist/cdn/5SDZUEAZ.js | AI (source-diff): Minified CDN build output for UI components. | ai | |
| source-diff | obfuscated-file:dist/cdn/5ULM4EXU.js | AI (source-diff): Minified CDN build output for UI components. | ai | |
| source-diff | obfuscated-file:dist/cdn/6U4CYHVA.js | AI (source-diff): Minified CDN build output for UI components. | ai | |
| phantom-deps | phantom-dep:@types/sortablejs | AI (phantom-deps): @types/sortablejs is a type definition package loaded by convention in TypeScript projects; phantom detection is expected and benign here. | ai | |
| phantom-deps | phantom-dep:@floating-ui/utils | AI (phantom-deps): @floating-ui/utils is referenced via config in this component library; phantom detection is a false positive for this package. | ai | |
| license | uncommon-license:SEE LICENSE.md | AI (license): Esri products consistently use a custom proprietary license referenced as 'SEE LICENSE.md'; this is expected and stable for all versions of this package. | ai | |
| phantom-deps | phantom-dep:interactjs | AI (phantom-deps): interactjs is a declared runtime dependency used via config/build tooling in this large component library; phantom detection is a false positive for this package. | ai |
Versions (showing 4 of 4)
| Version | Deps | Published |
|---|---|---|
| 5.1.0 | 15 / 8 | |
| 5.0.2 | 15 / 7 | |
| 5.0.1 | 15 / 7 | |
| 5.0.0 | 15 / 7 |
v5.1.0
26 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.0.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.0.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.