@fe-free/core — Greenflagged

React 业务核心组件库：CRUD、ProForm 扩展、布局、路由、树、上传等（Antd + ProComponents）

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

liyatang

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:@ant-design/x-markdown	AI (dependencies): @ant-design/x-markdown is part of the official Ant Design ecosystem; stable false positive for this package.	ai	2026/05/31
npm-metadata	no-description	AI (npm-metadata): Consistently missing description across all versions; stable false positive for this package.	ai	2026/05/30
bogus-package	bogus-package	AI (bogus-package): Internal/private-style package with 255 versions; missing metadata is a stable characteristic, not a malware signal.	ai	2026/05/30
phantom-deps	phantom-dep:rehype-raw	AI (phantom-deps): Markdown-related peer/optional dep referenced in config; stable pattern for this package.	ai	2026/05/30
phantom-deps	phantom-dep:remark-gfm	AI (phantom-deps): Markdown-related dep referenced in config; stable false positive.	ai	2026/05/30
phantom-deps	phantom-dep:react-markdown	AI (phantom-deps): Markdown-related dep referenced in config; stable false positive.	ai	2026/05/30
phantom-deps	phantom-dep:github-markdown-css	AI (phantom-deps): CSS dep referenced in config; stable false positive.	ai	2026/05/30
phantom-deps	phantom-dep:react-syntax-highlighter	AI (phantom-deps): Markdown/syntax dep referenced in config; stable false positive.	ai	2026/05/30
phantom-deps	phantom-dep:@codemirror/lang-html	AI (phantom-deps): Config-referenced optional language plugin; stable pattern for this package.	ai	2026/05/28
phantom-deps	phantom-dep:react-ace	AI (phantom-deps): Config-referenced peer; stable pattern for this package.	ai	2026/05/18
phantom-deps	phantom-dep:@codemirror/lang-sql	AI (phantom-deps): Config-referenced peer; stable pattern for this package.	ai	2026/05/18
phantom-deps	phantom-dep:@codemirror/lang-xml	AI (phantom-deps): Config-referenced peer; stable pattern for this package.	ai	2026/05/18
phantom-deps	phantom-dep:zustand	AI (phantom-deps): Config-referenced peer; stable pattern for this package.	ai	2026/05/18
typosquat	typosquat.levenshtein:cors	AI (typosquat): Scoped package @fe-free/core is a React UI library; name similarity to 'cors' is coincidental, not a typosquat.	ai	2026/05/06

Versions (showing 43 of 145)

Version	Deps	Published
3.0.38	29 / 0	2025-12-23
3.0.37	29 / 0	2025-12-22
3.0.36	29 / 0	2025-12-22
3.0.35	29 / 0	2025-12-19
3.0.34	29 / 0	2025-12-17
3.0.33	29 / 0	2025-12-16
3.0.32	29 / 0	2025-12-15
3.0.31	29 / 0	2025-12-15
3.0.30	29 / 0	2025-12-15
3.0.29	29 / 0	2025-12-15
3.0.28	32 / 0	2025-12-15
3.0.27	32 / 0	2025-12-15
3.0.26	32 / 0	2025-12-12
3.0.25	32 / 0	2025-12-12
3.0.24	32 / 0	2025-12-10
3.0.23	32 / 0	2025-12-09
3.0.22	32 / 0	2025-12-09
3.0.21	32 / 0	2025-12-09
3.0.20	32 / 0	2025-12-05
3.0.19	32 / 0	2025-12-05
3.0.18	32 / 0	2025-12-05
3.0.17	32 / 0	2025-12-03
3.0.16	32 / 0	2025-12-01
3.0.15	32 / 0	2025-12-01
3.0.14	32 / 0	2025-11-28
3.0.13	32 / 0	2025-11-24
3.0.12	32 / 0	2025-11-23
3.0.11	32 / 0	2025-11-21
3.0.10	32 / 0	2025-11-21
3.0.9	32 / 0	2025-11-19
3.0.8	32 / 0	2025-11-19
3.0.7	32 / 0	2025-11-18
3.0.6	32 / 0	2025-11-18
3.0.5	32 / 0	2025-11-18
3.0.4	32 / 0	2025-11-18
3.0.3	32 / 0	2025-11-18
3.0.2	32 / 0	2025-11-15
3.0.1	32 / 0	2025-11-15
3.0.0	32 / 0	2025-11-15
2.8.15	32 / 0	2025-11-14
2.8.14	32 / 0	2025-11-14
2.8.13	32 / 0	2025-11-14
2.8.12	32 / 0	2025-11-13