
@flarehr/apollo-benefits

Flare Benefits

Versions: 8
License: MIT
Install Scripts: No
Provenance: Missing

Supply chain provenance

Status for the latest visible version.

No SLSA provenance; npm registry signatures; gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

kyryll-flarehriain.fergusoningerweinberger74boris.etingof.flareflare.buildvitaly.brusentsevrubindershanganesan

Accepted risks

Findings the reviewer chose to accept rather than block on.

| Source | Rule | Reason | Accepted by | When |
| --- | --- | --- | --- | --- |
| phantom-deps | phantom-dep:yup | AI (phantom-deps): Legitimate form-validation lib; phantom-dep heuristic false positive for this bundled app package. | ai | |
| phantom-deps | phantom-dep:clsx | AI (phantom-deps): Legitimate utility; phantom-dep heuristic false positive for this bundled app package. | ai | |
| phantom-deps | phantom-dep:rxjs | AI (phantom-deps): Legitimate reactive lib; phantom-dep heuristic false positive for this bundled app package. | ai | |
| phantom-deps | phantom-dep:preact | AI (phantom-deps): Core framework dep; phantom-dep heuristic false positive for this bundled app package. | ai | |
| phantom-deps | phantom-dep:formik | AI (phantom-deps): Legitimate form lib; phantom-dep heuristic false positive for this bundled app package. | ai | |
| phantom-deps | phantom-dep:framer-motion | AI (phantom-deps): Legitimate animation lib; phantom-dep heuristic false positive for this bundled app package. | ai | |
| phantom-deps | phantom-dep:date-fns | AI (phantom-deps): Legitimate date lib; phantom-dep heuristic false positive for this bundled app package. | ai | |
| phantom-deps | phantom-dep:@datadog/browser-rum | AI (phantom-deps): Legitimate monitoring lib; phantom-dep heuristic false positive for this bundled app package. | ai | |
| phantom-deps | phantom-dep:@fortawesome/pro-light-svg-icons | AI (phantom-deps): Legitimate icon lib; phantom-dep heuristic false positive for this bundled app package. | ai | |
| phantom-deps | phantom-dep:@fortawesome/pro-solid-svg-icons | AI (phantom-deps): Legitimate icon lib; phantom-dep heuristic false positive for this bundled app package. | ai | |
| phantom-deps | phantom-dep:@fortawesome/pro-duotone-svg-icons | AI (phantom-deps): Legitimate icon lib; phantom-dep heuristic false positive for this bundled app package. | ai | |
| phantom-deps | phantom-dep:@fortawesome/pro-regular-svg-icons | AI (phantom-deps): Legitimate icon lib; phantom-dep heuristic false positive for this bundled app package. | ai | |
| phantom-deps | phantom-dep:contentful | AI (phantom-deps): Legitimate CMS SDK; phantom-dep heuristic false positive for this bundled app package. | ai | |
| phantom-deps | phantom-dep:preact-iso | AI (phantom-deps): Legitimate Preact routing lib; phantom-dep heuristic false positive for this bundled app package. | ai | |
| phantom-deps | phantom-dep:preact-router | AI (phantom-deps): Legitimate Preact routing lib; phantom-dep heuristic false positive for this bundled app package. | ai | |
| phantom-deps | phantom-dep:@popperjs/core | AI (phantom-deps): Legitimate positioning lib; phantom-dep heuristic false positive for this bundled app package. | ai | |
| phantom-deps | phantom-dep:@datorama/akita | AI (phantom-deps): Legitimate state management lib; phantom-dep heuristic false positive for this bundled app package. | ai | |
| phantom-deps | phantom-dep:@typeform/embed-react | AI (phantom-deps): Legitimate Typeform embed lib; phantom-dep heuristic false positive for this bundled app package. | ai | |
| phantom-deps | phantom-dep:@microsoft/applicationinsights-web | AI (phantom-deps): Legitimate Azure monitoring SDK; phantom-dep heuristic false positive for this bundled app package. | ai | |
| phantom-deps | phantom-dep:react-svg | AI (phantom-deps): Legitimate SVG lib; phantom-dep heuristic false positive for this bundled app package. | ai | |

Versions (showing 8 of 8)

| Version | Deps | Published |
| --- | --- | --- |
| 1.4.7265 | 40 / 56 | |
| 1.4.6933 | 40 / 56 | |
| 1.4.6684 | 40 / 56 | |
| 1.4.6667 | 40 / 56 | |
| 1.4.6410 | 40 / 56 | |
| 1.4.6233 | 40 / 56 | |
| 0.4.7219 | 40 / 56 | |
| 0.4.6622 | 40 / 56 | |

v1.4.7265

1 finding
LOW: No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.4.6684

1 finding
LOW: No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.4.6667

1 finding
LOW: No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.4.6410

1 finding
LOW: No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.4.6233

1 finding
LOW: No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.4.7219

1 finding
LOW: No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.4.6622

1 finding
LOW: No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.