@hh.ru/magritte-ui-scrollable-container
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | new-deps-added | AI (publish-pattern): New dep is from the same @hh.ru/magritte-* monorepo family; low risk for this publisher. | ai | |
| dependencies | unvetted-dep:@hh.ru/magritte-ui-icon | AI (dependencies): Same org-scoped monorepo dependency; consistent with the package's design system context. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Monorepo component package; missing metadata is expected for internal design system packages. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Consistent pattern across hh.ru magritte-ui component packages; not a malware indicator. | ai | |
| phantom-deps | phantom-dep:@hh.ru/magritte-design-tokens | AI (phantom-deps): Same-org design token dep; likely used indirectly via CSS/tokens, stable false positive for this package. | ai | |
Versions (showing 47 of 47)
| Version | Deps | Published |
|---|---|---|
| 6.2.20 | 9 / 0 | |
| 6.2.19 | 9 / 0 | |
| 6.2.18 | 9 / 0 | |
| 6.2.17 | 9 / 0 | |
| 6.2.16 | 9 / 0 | |
| 6.2.15 | 9 / 0 | |
| 6.2.14 | 9 / 0 | |
| 6.2.13 | 9 / 0 | |
| 6.2.12 | 9 / 0 | |
| 6.2.11 | 9 / 0 | |
| 6.2.10 | 9 / 0 | |
| 6.2.9 | 9 / 0 | |
| 6.2.8 | 9 / 0 | |
| 6.2.7 | 9 / 0 | |
| 6.2.6 | 9 / 0 | |
| 6.2.5 | 9 / 0 | |
| 6.2.4 | 9 / 0 | |
| 6.2.3 | 9 / 0 | |
| 6.2.2 | 9 / 0 | |
| 6.2.1 | 9 / 0 | |
| 6.2.0 | 9 / 0 | |
| 6.1.2 | 9 / 0 | |
| 6.1.1 | 9 / 0 | |
| 6.1.0 | 9 / 0 | |
| 6.0.2 | 8 / 0 | |
| 6.0.1 | 8 / 0 | |
| 6.0.0 | 8 / 0 | |
| 5.3.0 | 8 / 0 | |
| 5.2.60 | 8 / 0 | |
| 5.2.59 | 8 / 0 | |
| 5.2.58 | 8 / 0 | |
| 5.2.57 | 8 / 0 | |
| 5.2.56 | 8 / 0 | |
| 5.2.55 | 8 / 0 | |
| 5.2.54 | 8 / 0 | |
| 5.2.53 | 8 / 0 | |
| 5.2.52 | 8 / 0 | |
| 5.2.51 | 8 / 0 | |
| 5.2.50 | 8 / 0 | |
| 5.2.49 | 8 / 0 | |
| 5.2.48 | 8 / 0 | |
| 5.2.47 | 8 / 0 | |
| 5.2.46 | 8 / 0 | |
| 5.2.45 | 8 / 0 | |
| 5.2.44 | 8 / 0 | |
| 5.2.43 | 8 / 0 | |
| 5.2.40 | 8 / 0 | |
v6.2.20
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.2.19
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.2.18
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.2.17
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.2.16
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.2.15
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.2.14
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.2.13
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.2.12
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.2.11
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.2.10
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.2.9
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.2.8
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.2.7
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.2.6
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.2.5
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.2.4
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.2.3
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.2.2
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.2.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.2.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.1.2
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.1.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.1.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.0.2
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.0.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.0.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.3.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.2.60
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.2.59
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.2.58
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.2.57
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.2.56
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.2.55
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.2.54
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.2.53
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.2.52
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.2.51
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.2.50
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.2.49
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.2.48
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.2.47
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.2.46
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.2.45
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.2.44
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.2.43
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.2.40
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.