@flarehr/superhero-salpac-profile-admin
Flare Superhero Profile Admin
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:preact | AI (phantom-deps): Bundled Preact app; deps consumed via Vite build, not direct imports. Stable FP for this package. | ai | |
| phantom-deps | phantom-dep:jwt-decode | AI (phantom-deps): Runtime dep bundled via Vite; phantom-dep heuristic is a stable FP for this package. | ai | |
| phantom-deps | phantom-dep:@emotion/css | AI (phantom-deps): Emotion CSS bundled via Vite/twin.macro; stable FP for this package. | ai | |
| phantom-deps | phantom-dep:react-router | AI (phantom-deps): Bundled via Vite; stable FP for this package. | ai | |
| phantom-deps | phantom-dep:@emotion/cache | AI (phantom-deps): Emotion dep bundled via Vite; stable FP for this package. | ai | |
| phantom-deps | phantom-dep:@emotion/react | AI (phantom-deps): Emotion dep bundled via Vite; stable FP for this package. | ai | |
| phantom-deps | phantom-dep:@emotion/styled | AI (phantom-deps): Emotion dep bundled via Vite; stable FP for this package. | ai | |
| phantom-deps | phantom-dep:@heroicons/react | AI (phantom-deps): Bundled via Vite; stable FP for this package. | ai | |
| phantom-deps | phantom-dep:@headlessui/react | AI (phantom-deps): Bundled via Vite; stable FP for this package. | ai | |
| phantom-deps | phantom-dep:@tanstack/react-query | AI (phantom-deps): Bundled via Vite; stable FP for this package. | ai | |
| phantom-deps | phantom-dep:preact-custom-element | AI (phantom-deps): Bundled via Vite; stable FP for this package. | ai |
Versions (showing 23 of 432)
| Version | Deps | Published |
|---|---|---|
| 1.0.868 | 11 / 26 | |
| 1.0.867 | 11 / 26 | |
| 1.0.866 | 11 / 26 | |
| 1.0.865 | 11 / 26 | |
| 1.0.864 | 11 / 26 | |
| 1.0.863 | 11 / 26 | |
| 1.0.862 | 11 / 26 | |
| 1.0.861 | 11 / 26 | |
| 1.0.860 | 11 / 26 | |
| 1.0.859 | 11 / 26 | |
| 1.0.858 | 11 / 26 | |
| 1.0.857 | 11 / 26 | |
| 1.0.856 | 11 / 26 | |
| 1.0.855 | 11 / 26 | |
| 1.0.854 | 11 / 26 | |
| 1.0.853 | 11 / 26 | |
| 1.0.852 | 11 / 26 | |
| 1.0.851 | 11 / 26 | |
| 1.0.850 | 11 / 26 | |
| 1.0.849 | 11 / 26 | |
| 1.0.848 | 11 / 26 | |
| 1.0.847 | 11 / 26 | |
| 1.0.842 | 11 / 26 |
v1.0.868
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.867
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.866
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.865
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.864
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.863
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.862
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.861
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.860
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.859
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.858
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.857
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.856
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.855
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.854
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.853
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.852
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.851
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.850
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.849
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.848
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.847
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.842
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.