@fundamental-ngx/cdk Apache-2.0 19 versions

@fundamental-ngx/cdk

npm Repository Homepage

Fundamental Library for Angular - CDK

19

Versions

Apache-2.0

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

fundamental-ui

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:@fundamental-ngx/i18n	AI (phantom-deps): Same-org sibling dep; phantom detection is a false positive here.	ai	2026/05/20
dependencies	unvetted-dep:@fundamental-styles/cx	AI (dependencies): SAP sibling package in the fundamental-styles ecosystem; stable dependency across versions.	ai	2026/05/19
phantom-deps	phantom-dep:tslib	AI (phantom-deps): tslib is a well-known Angular/TypeScript implicit runtime dep; stable false positive for this package.	ai	2026/05/19
phantom-deps	phantom-dep:@fundamental-styles/cx	AI (phantom-deps): First-party SAP styling dep; referenced in config/styles, stable false positive.	ai	2026/05/17
phantom-deps	phantom-dep:lodash-es	AI (phantom-deps): Angular library; lodash-es likely tree-shaken/used indirectly in build output, stable false positive for this package.	ai	2026/05/17
phantom-deps	phantom-dep:@sap-theming/theming-base-content	AI (phantom-deps): SAP theming asset dep; referenced in config, stable false positive for this package.	ai	2026/05/17
phantom-deps	phantom-dep:compare-versions	AI (phantom-deps): Declared dep used in build/config context; stable false positive for this package.	ai	2026/05/17
phantom-deps	phantom-dep:fundamental-styles	AI (phantom-deps): First-party SAP styling dep; referenced in config/styles, stable false positive.	ai	2026/05/17

Versions (showing 19 of 19)

Version	Deps	Published
0.62.3	8 / 0	2026-05-18
0.61.3	8 / 0	2026-03-31
0.60.3	8 / 0	2026-03-06
0.57.4	8 / 0	2025-11-05
0.57.3	8 / 0	2025-08-07
0.57.2	8 / 0	2025-07-25
0.57.1	8 / 0	2025-07-07
0.57.0	8 / 0	2025-06-17
0.56.6	8 / 0	2025-09-12
0.56.5	8 / 0	2025-06-26
0.56.3	8 / 0	2025-06-04
0.55.8	8 / 0	2025-06-04
0.55.7	8 / 0	2025-05-31
0.54.6	8 / 0	2025-09-12
0.54.4	8 / 0	2025-05-31
0.53.4	8 / 0	2025-05-31
0.43.61	9 / 0	2025-10-09
0.43.56	9 / 0	2025-07-15
0.43.54	9 / 0	2025-04-30

v0.62.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.61.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.60.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.57.4

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.57.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.57.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.57.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.57.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.56.6

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.56.5

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.56.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.55.8

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.55.7

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.54.6

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.54.4

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.53.4

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.43.61

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.43.56

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.43.54

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.