@fluentui/react-charts — Greenflagged

React web chart controls for Microsoft fluentui v9 system.

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

chrisdholtmiroslavstastnylevithomasonuifabricteamuifrnbotlayershifterjustslonemicrosoft1essopranopillow

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:@fluentui/chart-utilities	AI (dependencies): Same @fluentui org scope as this package; part of the official Microsoft FluentUI monorepo.	ai	2026/05/09
phantom-deps	phantom-dep:@types/d3-time	AI (phantom-deps): TypeScript @types packages declared as deps in a charting lib; loaded by convention, not direct import.	ai	2026/04/29
phantom-deps	phantom-dep:@types/d3-array	AI (phantom-deps): TypeScript @types packages declared as deps in a charting lib; loaded by convention, not direct import.	ai	2026/04/29
phantom-deps	phantom-dep:@types/d3-color	AI (phantom-deps): TypeScript @types packages declared as deps in a charting lib; loaded by convention, not direct import.	ai	2026/04/29
phantom-deps	phantom-dep:@types/d3-scale	AI (phantom-deps): TypeScript @types packages declared as deps in a charting lib; loaded by convention, not direct import.	ai	2026/04/29
phantom-deps	phantom-dep:@types/d3-shape	AI (phantom-deps): TypeScript @types packages declared as deps in a charting lib; loaded by convention, not direct import.	ai	2026/04/29
phantom-deps	phantom-dep:@types/d3-format	AI (phantom-deps): TypeScript @types packages declared as deps in a charting lib; loaded by convention, not direct import.	ai	2026/04/29
phantom-deps	phantom-dep:@types/d3-axis	AI (phantom-deps): TypeScript @types packages declared as deps in a charting lib; loaded by convention, not direct import.	ai	2026/04/29
phantom-deps	phantom-dep:@types/d3-hierarchy	AI (phantom-deps): TypeScript @types packages declared as deps in a charting lib; loaded by convention, not direct import.	ai	2026/04/29
phantom-deps	phantom-dep:@types/d3-selection	AI (phantom-deps): TypeScript @types packages declared as deps in a charting lib; loaded by convention, not direct import.	ai	2026/04/29
phantom-deps	phantom-dep:@types/d3-time-format	AI (phantom-deps): TypeScript @types packages declared as deps in a charting lib; loaded by convention, not direct import.	ai	2026/04/29
phantom-deps	phantom-dep:d3-hierarchy	AI (phantom-deps): d3-hierarchy is a standard d3 sub-module used by charting libs; phantom-dep heuristic false positive.	ai	2026/04/29
phantom-deps	phantom-dep:@fluentui/react-jsx-runtime	AI (phantom-deps): Same-org FluentUI package; used via JSX transform convention, not direct import.	ai	2026/04/29
bogus-package	bogus-package	AI (bogus-package): Microsoft FluentUI component library; README link-dump signal is a false positive for official MS docs style.	ai	2026/04/29
phantom-deps	phantom-dep:@types/d3-sankey	AI (phantom-deps): TypeScript @types packages declared as deps in a charting lib; loaded by convention, not direct import.	ai	2026/04/29

Versions (showing 10 of 10)

Version	Deps	Published
9.3.18	34 / 0	2026-04-23
9.3.16	34 / 0	2026-03-30
9.2.1	34 / 4	2025-07-30
9.2.0	34 / 4	2025-07-30
9.1.10	34 / 5	2025-07-28
9.1.4	34 / 5	2025-06-26
9.1.3	34 / 5	2025-06-23
9.1.1	34 / 5	2025-06-13
9.0.6	34 / 5	2025-06-06
9.0.5	34 / 5	2025-05-14