@fluentui/react-storybook-addon

fluentui react storybook addon

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

chrisdholtmiroslavstastnylevithomasonuifabricteamuifrnbotlayershifterjustslonemicrosoft1essopranopillow

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
publish-pattern	dormant-publish	AI (publish-pattern): Microsoft FluentUI monorepo; long gaps between addon releases are normal for this package.	ai	2026/05/14
publish-pattern	new-deps-added	AI (publish-pattern): All new deps are first-party @fluentui/* or @griffel/react from the same Microsoft monorepo.	ai	2026/05/14
phantom-deps	phantom-dep:@fluentui/react-spinner	AI (phantom-deps): Same-org FluentUI component; stable false positive for this addon package.	ai	2026/05/14
phantom-deps	phantom-dep:@fluentui/react-shared-contexts	AI (phantom-deps): Same-org FluentUI component; stable false positive for this addon package.	ai	2026/05/14
phantom-deps	phantom-dep:@fluentui/react-icons	AI (phantom-deps): Same-org FluentUI component; stable false positive for this addon package.	ai	2026/05/14
phantom-deps	phantom-dep:@fluentui/react-toast	AI (phantom-deps): Same-org FluentUI component; stable false positive for this addon package.	ai	2026/05/14
source-diff	source-size-tripled	AI (source-diff): Size increase matches addition of known @fluentui/* and @griffel/react runtime deps; no injected payload indicators.	ai	2026/05/14
source-diff	large-new-source-files	AI (source-diff): Growth reflects legitimate addition of FluentUI component dependencies in a monorepo package.	ai	2026/05/14
phantom-deps	phantom-dep:@fluentui/react-menu	AI (phantom-deps): Same-org @fluentui scope; stable false positive for this addon package.	ai	2026/05/14
phantom-deps	phantom-dep:@fluentui/react-switch	AI (phantom-deps): Same-org @fluentui scope; stable false positive for this addon package.	ai	2026/05/14
phantom-deps	phantom-dep:@fluentui/react-text	AI (phantom-deps): Same-org @fluentui scope; stable false positive for this addon package.	ai	2026/05/14
phantom-deps	phantom-dep:@fluentui/react-utilities	AI (phantom-deps): Same-org @fluentui scope; stable false positive for this addon package.	ai	2026/05/14
phantom-deps	phantom-dep:@griffel/react	AI (phantom-deps): Griffel is the official Fluent UI CSS-in-JS engine; used in config/preset context, not a direct import.	ai	2026/05/14
phantom-deps	phantom-dep:@fluentui/react-label	AI (phantom-deps): Same-org @fluentui scope; stable false positive for this addon package.	ai	2026/05/14
phantom-deps	phantom-dep:@fluentui/react-link	AI (phantom-deps): Same-org @fluentui scope; stable false positive for this addon package.	ai	2026/05/14
phantom-deps	phantom-dep:@fluentui/react-button	AI (phantom-deps): Same-org @fluentui scope; stable false positive for this addon package.	ai	2026/05/14
phantom-deps	phantom-dep:@fluentui/react-provider	AI (phantom-deps): Same-org transitive dependency; expected for Storybook addon.	ai	2026/05/14
phantom-deps	phantom-dep:@fluentui/react-aria	AI (phantom-deps): Same-org transitive dependency; expected for Storybook addon.	ai	2026/05/14
phantom-deps	phantom-dep:@swc/helpers	AI (phantom-deps): Known implicit runtime dependency; stable for this package.	ai	2026/05/14
phantom-deps	phantom-dep:@fluentui/react-theme	AI (phantom-deps): Same-org transitive dependency; expected for Storybook addon.	ai	2026/05/14