← Home

@flarehr/salpac-cars-calculator

npm

Flare Cars Calculator

41
Versions
MIT
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

kyryll-flarehriain.fergusoningerweinberger74boris.etingof.flareflare.buildvitaly.brusentsevrubindershanganesan

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff obfuscated-file:dist/energy-flex-cars-calculator.js AI (source-diff): Standard Vite/Preact minified bundle output; consistent with multi-config build pipeline. ai
source-diff net-exec-file:dist/energy-flex-cars-calculator.js AI (source-diff): Network calls and dynamic patterns are Preact vdom internals in minified bundle, not malware. ai
source-diff obfuscated-file:dist/byd-cars-calculator.js AI (source-diff): Standard Vite/Preact minified bundle output; consistent across all versions of this package. ai
source-diff net-exec-file:dist/byd-cars-calculator.js AI (source-diff): Network calls and dynamic patterns are part of Preact's vdom runtime, not dropper behavior. ai
source-diff obfuscated-file:dist/flare-cars-calculator.js AI (source-diff): Standard Vite/Preact minified bundle output; consistent across all versions of this package. ai
source-diff net-exec-file:dist/flare-cars-calculator.js AI (source-diff): Network calls and dynamic patterns are part of Preact's vdom runtime, not dropper behavior. ai
phantom-deps phantom-dep:@emotion/styled AI (phantom-deps): Same bundled output pattern; stable false positive for this package. ai
phantom-deps phantom-dep:react-hook-form AI (phantom-deps): Same bundled output pattern; stable false positive for this package. ai
phantom-deps phantom-dep:@heroicons/react AI (phantom-deps): Same bundled output pattern; stable false positive for this package. ai
phantom-deps phantom-dep:uuid AI (phantom-deps): Bundled output package; deps declared in package.json but consumed via build artifacts, not direct imports. ai
phantom-deps phantom-dep:preact-custom-element AI (phantom-deps): Same bundled output pattern; stable false positive for this package. ai
phantom-deps phantom-dep:react-highlight-words AI (phantom-deps): Same bundled output pattern; stable false positive for this package. ai
phantom-deps phantom-dep:smoothscroll-polyfill AI (phantom-deps): Same bundled output pattern; stable false positive for this package. ai
phantom-deps phantom-dep:@headlessui/react AI (phantom-deps): Same bundled output pattern; stable false positive for this package. ai
phantom-deps phantom-dep:lodash AI (phantom-deps): Same bundled output pattern; stable false positive for this package. ai
phantom-deps phantom-dep:preact AI (phantom-deps): Same bundled output pattern; stable false positive for this package. ai
phantom-deps phantom-dep:@emotion/css AI (phantom-deps): Same bundled output pattern; stable false positive for this package. ai
phantom-deps phantom-dep:@emotion/cache AI (phantom-deps): Same bundled output pattern; stable false positive for this package. ai
phantom-deps phantom-dep:@emotion/react AI (phantom-deps): Same bundled output pattern; stable false positive for this package. ai

Versions (showing 41 of 342)

Version Deps Published
1.0.1114 13 / 43
1.0.1113 13 / 43
1.0.1112 13 / 43
1.0.1111 13 / 43
1.0.1110 13 / 43
1.0.1109 13 / 43
1.0.1108 13 / 43
1.0.1107 13 / 43
1.0.1106 13 / 43
1.0.1105 13 / 43
1.0.1104 13 / 43
1.0.1103 13 / 43
1.0.1102 13 / 43
1.0.1101 13 / 43
1.0.1100 13 / 43
1.0.1099 13 / 43
1.0.1098 13 / 43
1.0.1097 13 / 43
1.0.1096 13 / 43
1.0.1095 13 / 43
1.0.1094 13 / 43
1.0.1093 13 / 43
1.0.1092 13 / 43
1.0.1091 13 / 43
1.0.1090 13 / 43
1.0.1089 13 / 43
1.0.1088 13 / 43
1.0.1087 13 / 43
1.0.1086 13 / 43
1.0.1085 13 / 43
1.0.1084 13 / 43
1.0.1083 13 / 43
1.0.1082 13 / 43
1.0.1081 13 / 43
1.0.1080 13 / 43
1.0.1079 13 / 43
1.0.1078 13 / 43
1.0.1077 13 / 43
1.0.1076 13 / 43
1.0.1075 13 / 43
1.0.1074 13 / 43

v1.0.1114

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1113

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1112

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1111

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1110

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1109

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1108

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1107

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1106

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1105

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1104

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1103

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1102

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1101

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1100

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1099

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1098

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1097

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1096

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1095

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1094

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1093

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1092

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1091

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1090

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1089

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1088

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1087

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1086

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1085

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1084

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1083

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1082

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1081

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1080

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1079

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1078

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1077

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1076

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1075

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1074

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.