@fundamental-ngx/ui5-webcomponents

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

fundamental-ui

Keywords

angularui5ui5-webcomponentsweb-componentssapfioringxdesign-systembtpangular-componentssap-fiorifundamentalangular-wrapperangular-ui5ui5-angularwebcomponents-angulartype-safe

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:fesm2022/fundamental-ngx-ui5-webcomponents-date-picker.mjs	AI (source-diff): Standard Angular fesm2022 compiled output; long lines are normal for this build format.	ai	2026/05/11
source-diff	obfuscated-file:fesm2022/fundamental-ngx-ui5-webcomponents-date-range-picker.mjs	AI (source-diff): Standard Angular fesm2022 compiled output; long lines are normal for this build format.	ai	2026/05/11
source-diff	obfuscated-file:fesm2022/fundamental-ngx-ui5-webcomponents-date-time-picker.mjs	AI (source-diff): Standard Angular fesm2022 compiled output; long lines are normal for this build format.	ai	2026/05/11
phantom-deps	phantom-dep:fast-deep-equal	AI (phantom-deps): Declared runtime dep replacing fast-equals; phantom detection is a false positive for this package.	ai	2026/05/11
phantom-deps	phantom-dep:tslib	AI (phantom-deps): tslib is a standard Angular/TypeScript implicit runtime dep; not directly imported by design.	ai	2026/04/29
phantom-deps	phantom-dep:@sap-theming/theming-base-content	AI (phantom-deps): SAP theming asset package; referenced in config, not directly imported by design.	ai	2026/04/29
phantom-deps	phantom-dep:lodash-es	AI (phantom-deps): Referenced in config files; standard pattern for Angular library bundles.	ai	2026/04/29
phantom-deps	phantom-dep:fast-equals	AI (phantom-deps): Referenced in config files; standard pattern for Angular library bundles.	ai	2026/04/29
phantom-deps	phantom-dep:compare-versions	AI (phantom-deps): Referenced in config files; standard pattern for Angular library bundles.	ai	2026/04/29

Versions (showing 22 of 22)

Version	Deps	Published
0.62.3	6 / 0	2026-05-18
0.62.2	6 / 0	2026-05-13
0.62.1	6 / 0	2026-05-03
0.62.0	6 / 0	2026-04-29
0.61.5	6 / 0	2026-04-13
0.61.4	6 / 0	2026-03-31
0.61.3	6 / 0	2026-03-31
0.61.2	6 / 0	2026-03-13
0.61.1	6 / 0	2026-03-06
0.60.3	6 / 0	2026-03-06
0.60.2	6 / 0	2026-03-03
0.60.1	6 / 0	2026-02-24
0.60.0	6 / 0	2026-02-17
0.59.3	6 / 0	2026-03-06
0.59.2	6 / 0	2026-03-03
0.59.1	6 / 0	2026-02-05
0.59.0	6 / 0	2026-01-24
0.58.6	5 / 0	2026-03-31
0.58.5	5 / 0	2026-03-16
0.58.4	5 / 0	2026-03-12
0.58.3	5 / 0	2026-03-06
0.58.2	5 / 0	2026-02-20

v0.62.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.62.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.62.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.62.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.61.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.61.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.61.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.61.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.60.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.60.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.60.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.60.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.59.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.59.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.59.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.59.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.58.6

4 findings

HIGH New obfuscated file: fesm2022/fundamental-ngx-ui5-webcomponents-date-picker.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: fesm2022/fundamental-ngx-ui5-webcomponents-date-range-picker.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: fesm2022/fundamental-ngx-ui5-webcomponents-date-time-picker.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.58.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.58.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.58.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.58.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.