← Home

@gooddata/sdk-ui-dashboard

npm Repository Homepage

GoodData SDK - Dashboard Component

13
Versions
LicenseRef-LICENSE
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

rodri360jaceksanivan.mjartanlupkotomas.kratochvilstanislavhackervojtasiipbenesgooddata-cinikolacechpetrjanuhung.caoxmortbich.nguyenno23reasonmatyas.kandltu.buimy.duonghang.ngoscavnickyjthao-luongthuong.nguyenhuyen.nguyennestor_encinastmuchkagdjanphong.nguyentuan.tran_gdmkoldusmartin.milickapjiranekmartozardavid.zoufalyvasek.zmrhallucy.doanhkad98hoaimylukas.therondrejvelisekgdamilietaandrenanninga-gooddatadusan-kovacik-profiqkhuongnguyenmatej.pavlikjenny_gooddataarmhajbertold8jyn.nguyenmara3londrej.macapetr.veprekjan.tychtl.gooddatatimurmuhjkbmmilan.dufekmaitrieuphilongjkbm_gdzdenekornstjiri.starobahenry.nguyen.gooddataadam.prchalfrankhuynhmacekondmartinnajpeter.kozasandrasuspjarjan.svager.gooddataminh.ho.gooddatamaiphuong.buijakubz_goodpavelcernymvarhalikhankadev

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
maintainer-change maintainer-removed AI (maintainer-change): Same org rotation context; no evidence of hostile takeover. ai
source-diff large-new-source-files AI (source-diff): Large monorepo SDK; incremental version bumps routinely add many source files across the package. ai
maintainer-change maintainer-added AI (maintainer-change): Active GoodData monorepo; maintainer additions are routine for this org's CI-driven releases. ai
provenance no-provenance AI (provenance): Established GoodData SDK package; lack of provenance is consistent across all versions. ai
email-domain unclaimed-email:rodri360.com AI (email-domain): Established GoodData org package with long history; stale maintainer email is a hygiene issue, not an active threat vector. ai
dependencies unvetted-dep:@gooddata/sdk-ui-charts AI (dependencies): Same-org monorepo sibling at matching version. ai
dependencies unvetted-dep:@gooddata/sdk-ui-filters AI (dependencies): Same-org monorepo sibling at matching version. ai
dependencies unvetted-dep:@gooddata/number-formatter AI (dependencies): Same-org package; stable dependency across GoodData SDK versions. ai
dependencies unvetted-dep:@gooddata/sdk-backend-base AI (dependencies): Same-org monorepo sibling at matching version. ai
dependencies unvetted-dep:@gooddata/sdk-model AI (dependencies): Same-org monorepo sibling at matching version; not an independent supply-chain risk. ai
dependencies unvetted-dep:@gooddata/sdk-ui-theme-provider AI (dependencies): Same-org monorepo sibling at matching version. ai
phantom-deps phantom-dep:tslib AI (phantom-deps): tslib is a known implicit TypeScript runtime dep; stable false positive for TS packages. ai
phantom-deps phantom-dep:@gooddata/sdk-ui-vis-commons AI (phantom-deps): Same-org sibling; may be used transitively or re-exported without direct import. ai
dependencies unvetted-dep:@gooddata/sdk-ui-vis-commons AI (dependencies): Same-org monorepo sibling at matching version. ai
dependencies unvetted-dep:@gooddata/sdk-ui-ext AI (dependencies): Same-org monorepo sibling at matching version. ai
dependencies unvetted-dep:@gooddata/sdk-ui-geo AI (dependencies): Same-org monorepo sibling at matching version. ai
dependencies unvetted-dep:@gooddata/sdk-ui-kit AI (dependencies): Same-org monorepo sibling at matching version. ai
dependencies unvetted-dep:@gooddata/sdk-ui-pivot AI (dependencies): Same-org monorepo sibling at matching version. ai

Versions (showing 13 of 13)

Version Deps Published
11.40.0 39 / 49
11.39.0 39 / 49
11.38.0 39 / 49
11.37.0 39 / 49
11.36.0 39 / 49
11.35.0 39 / 49
11.34.0 39 / 49
11.33.0 39 / 49
11.32.0 39 / 49
11.31.0 39 / 49
11.30.0 39 / 49
11.29.0 39 / 49
11.28.0 39 / 49

v11.40.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v11.39.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v11.38.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v11.37.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v11.36.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v11.35.0

2 findings
HIGH Unclaimed maintainer email domain: rodri360.com email-domain

Maintainer email '[email protected]' uses domain 'rodri360.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v11.34.0

2 findings
HIGH Unclaimed maintainer email domain: rodri360.com email-domain

Maintainer email '[email protected]' uses domain 'rodri360.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v11.33.0

2 findings
HIGH Unclaimed maintainer email domain: rodri360.com email-domain

Maintainer email '[email protected]' uses domain 'rodri360.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v11.31.0

2 findings
HIGH Unclaimed maintainer email domain: rodri360.com email-domain

Maintainer email '[email protected]' uses domain 'rodri360.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v11.30.0

2 findings
HIGH Unclaimed maintainer email domain: rodri360.com email-domain

Maintainer email '[email protected]' uses domain 'rodri360.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v11.29.0

2 findings
HIGH Unclaimed maintainer email domain: rodri360.com email-domain

Maintainer email '[email protected]' uses domain 'rodri360.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v11.28.0

2 findings
HIGH Unclaimed maintainer email domain: rodri360.com email-domain

Maintainer email '[email protected]' uses domain 'rodri360.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.