@fleetbase/ember-ui — Greenflagged

Fleetbase UI provides all the interface components, helpers, services and utilities for building a Fleetbase extension into the Console.

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

roncodesshivthakker

Keywords

fleetbase-uifleetbase-extension-uifleetbaseember-addon

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:@makepanic/ember-power-calendar-date-fns	AI (phantom-deps): Ember addon used via config, not directly imported.	ai	2026/05/14
dependencies	unvetted-dep:@ember/render-modifiers	AI (dependencies): Official Ember package; stable false positive for this addon.	ai	2026/05/14
dependencies	unvetted-dep:ember-concurrency-decorators	AI (dependencies): Standard Ember concurrency utility; stable false positive for this addon.	ai	2026/05/14
dependencies	unvetted-dep:ember-concurrency-test-waiter	AI (dependencies): Standard Ember concurrency utility; stable false positive for this addon.	ai	2026/05/14
phantom-deps	phantom-dep:ember-cli-postcss	AI (phantom-deps): Ember addon config-only reference; typical Ember addon pattern.	ai	2026/05/14
phantom-deps	phantom-dep:ember-cli-htmlbars	AI (phantom-deps): Template compilation tool referenced in config; typical Ember addon pattern.	ai	2026/05/14
phantom-deps	phantom-dep:ember-math-helpers	AI (phantom-deps): Template-only helper; not JS-imported by design in Ember addons.	ai	2026/05/14
phantom-deps	phantom-dep:ember-truth-helpers	AI (phantom-deps): Template-only helper; not JS-imported by design in Ember addons.	ai	2026/05/14
phantom-deps	phantom-dep:ember-power-calendar	AI (phantom-deps): Template-only component; not JS-imported by design in Ember addons.	ai	2026/05/14
phantom-deps	phantom-dep:ember-style-modifier	AI (phantom-deps): Template-only modifier; not JS-imported by design in Ember addons.	ai	2026/05/14
phantom-deps	phantom-dep:@ember/render-modifiers	AI (phantom-deps): Template-only modifier; not JS-imported by design in Ember addons.	ai	2026/05/14
phantom-deps	phantom-dep:chartjs-adapter-date-fns	AI (phantom-deps): Config-referenced adapter; stable false positive for this addon.	ai	2026/05/14
phantom-deps	phantom-dep:ember-composable-helpers	AI (phantom-deps): Template-only helpers; not JS-imported by design in Ember addons.	ai	2026/05/14
dependencies	unvetted-dep:ember-auto-import	AI (dependencies): Standard Ember ecosystem build tool; stable false positive for this addon.	ai	2026/05/14
phantom-deps	phantom-dep:@tiptap/extension-highlight	AI (phantom-deps): Config-referenced extension; stable false positive for this addon.	ai	2026/05/14
phantom-deps	phantom-dep:@fortawesome/ember-fontawesome	AI (phantom-deps): Template-only component; not JS-imported by design in Ember addons.	ai	2026/05/14
phantom-deps	phantom-dep:@fortawesome/fontawesome-svg-core	AI (phantom-deps): Config-referenced icon library; stable false positive for this addon.	ai	2026/05/14
phantom-deps	phantom-dep:@fortawesome/free-solid-svg-icons	AI (phantom-deps): Config-referenced icon set; stable false positive for this addon.	ai	2026/05/14
dependencies	unvetted-dep:ember-cli-htmlbars	AI (dependencies): Core Ember template compilation tool; stable false positive for this addon.	ai	2026/05/14
dependencies	unvetted-dep:ember-power-select	AI (dependencies): Well-known Ember UI component; stable false positive for this addon.	ai	2026/05/14
phantom-deps	phantom-dep:@fortawesome/free-brands-svg-icons	AI (phantom-deps): Config-referenced icon set; stable false positive for this addon.	ai	2026/05/14
provenance	no-provenance	AI (provenance): Established Fleetbase org package; lack of Sigstore provenance is common and not a risk signal here.	ai	2026/05/11
phantom-deps	phantom-dep:@embroider/addon	AI (phantom-deps): Embroider build tool; loaded by convention.	ai	2026/05/11
phantom-deps	phantom-dep:leaflet	AI (phantom-deps): Ember addon; deps declared for build pipeline/config, not direct JS imports.	ai	2026/05/11
phantom-deps	phantom-dep:ember-can	AI (phantom-deps): Ember addon convention; loaded via Ember resolver, not direct import.	ai	2026/05/11
phantom-deps	phantom-dep:gridstack	AI (phantom-deps): Ember addon convention; loaded via config/resolver.	ai	2026/05/11
phantom-deps	phantom-dep:@tiptap/pm	AI (phantom-deps): Ember addon convention; peer dep loaded transitively.	ai	2026/05/11
phantom-deps	phantom-dep:@babel/core	AI (phantom-deps): Framework-scoped build tool; loaded by convention.	ai	2026/05/11
phantom-deps	phantom-dep:ember-leaflet	AI (phantom-deps): Ember addon convention.	ai	2026/05/11
phantom-deps	phantom-dep:ember-loading	AI (phantom-deps): Ember addon convention.	ai	2026/05/11
phantom-deps	phantom-dep:ember-animated	AI (phantom-deps): Ember addon convention.	ai	2026/05/11
phantom-deps	phantom-dep:ember-wormhole	AI (phantom-deps): Ember addon convention.	ai	2026/05/11
phantom-deps	phantom-dep:ember-cli-babel	AI (phantom-deps): Ember build tool; loaded by convention.	ai	2026/05/11
phantom-deps	phantom-dep:ember-drag-sort	AI (phantom-deps): Ember addon convention.	ai	2026/05/11
phantom-deps	phantom-dep:ember-gridstack	AI (phantom-deps): Ember addon convention.	ai	2026/05/11
phantom-deps	phantom-dep:ember-inflector	AI (phantom-deps): Ember addon convention.	ai	2026/05/11
phantom-deps	phantom-dep:ember-on-helper	AI (phantom-deps): Ember addon convention.	ai	2026/05/11
phantom-deps	phantom-dep:ember-tag-input	AI (phantom-deps): Ember addon convention.	ai	2026/05/11
phantom-deps	phantom-dep:ember-focus-trap	AI (phantom-deps): Ember addon convention.	ai	2026/05/11
phantom-deps	phantom-dep:ember-responsive	AI (phantom-deps): Ember addon convention.	ai	2026/05/11
phantom-deps	phantom-dep:@embroider/macros	AI (phantom-deps): Embroider build tool; loaded by convention.	ai	2026/05/11
phantom-deps	phantom-dep:ember-auto-import	AI (phantom-deps): Ember build tool; loaded by convention.	ai	2026/05/11

Versions (showing 28 of 28)

Version	Deps	Published
0.3.33	83 / 42	2026-06-04
0.3.32	83 / 42	2026-05-27
0.3.31	83 / 42	2026-05-20
0.3.30	83 / 42	2026-05-20
0.3.29	83 / 42	2026-05-05
0.3.28	83 / 42	2026-05-05
0.3.27	83 / 42	2026-05-03
0.3.26	83 / 42	2026-04-13
0.3.24	82 / 42	2026-03-16
0.3.23	81 / 42	2026-03-02
0.3.21	81 / 42	2026-02-24
0.3.19	81 / 42	2026-02-12
0.3.18	81 / 42	2025-12-30
0.3.17	81 / 42	2025-12-29
0.3.16	81 / 42	2025-12-26
0.3.14	81 / 42	2025-12-06
0.3.12	81 / 41	2025-12-05
0.3.10	81 / 41	2025-11-12
0.3.9	81 / 41	2025-11-06
0.3.8	81 / 41	2025-10-30
0.3.7	81 / 41	2025-10-27
0.3.6	81 / 41	2025-10-20
0.3.5	81 / 41	2025-10-14
0.3.4	79 / 41	2025-08-20
0.3.3	79 / 41	2025-08-03
0.3.2	79 / 41	2025-05-26
0.3.1	79 / 41	2025-05-23
0.3.0	81 / 41	2025-05-16

v0.3.33

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.32

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.31

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.30

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.29

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.3.28

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.3.27

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.3.26

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.3.24

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.23

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.3.21

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.3.19

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.3.18

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.3.17

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.3.16

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.3.14

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.3.12

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.3.10

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.3.9

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.3.8

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.7

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.6

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.5

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.4

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.3

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.3.2

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.1

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.3.0

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.