@fundamental-ngx/core Apache-2.0 9 versions

@fundamental-ngx/core

npm Repository Homepage

Fundamental Library for Angular - core

9

Versions

Apache-2.0

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

fundamental-ui

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
typosquat	typosquat.levenshtein:cors	AI (typosquat): Established SAP Angular component library; name similarity to 'cors' is purely coincidental.	ai	2026/05/17
phantom-deps	phantom-dep:lodash-es	AI (phantom-deps): Angular library with fesm2022 bundles; lodash-es may be tree-shaken into bundles without direct top-level imports.	ai	2026/05/17
phantom-deps	phantom-dep:focus-trap	AI (phantom-deps): Same rationale — bundled Angular library; focus-trap usage may not surface as a direct import at the config level.	ai	2026/05/17

Versions (showing 9 of 9)

Version	Deps	Published
0.62.3	5 / 0	2026-05-18
0.62.2	5 / 0	2026-05-13
0.62.1	5 / 0	2026-05-03
0.62.0	5 / 0	2026-04-29
0.61.5	5 / 0	2026-04-13
0.61.4	5 / 0	2026-03-31
0.61.3	5 / 0	2026-03-31
0.61.1	5 / 0	2026-03-06
0.58.6	5 / 0	2026-03-31

v0.62.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.62.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.62.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.62.0

2 findings

HIGH typosquat.levenshtein: Possible typosquat of 'cors' typosquat

Package name '@fundamental-ngx/core' is 1 edit(s) away from popular package 'cors'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.61.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.61.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.61.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.61.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.58.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.