@igniteui/angular-schematics
Ignite UI for Angular Schematics for ng new and ng generate
Supply chain provenance
Status for the latest visible version.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| install-scripts | install-script:postinstall | AI (install-scripts): Long-standing schematics package; postinstall runs a local setup script, consistent with documented tooling across 406 versions. | ai | |
| semgrep | semgrep:dynamic-require | AI (semgrep): Dynamic require loads a user project config file (igx-project.json); not arbitrary module loading, stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:@schematics/angular | AI (phantom-deps): @schematics/angular is referenced in schematics config files, not direct JS imports; false positive for this package type. | ai | |
Versions (showing 5 of 5)
| Version | Deps | Published |
|---|---|---|
| 21.2.1510 | 7 / 5 | |
| 21.2.1501 | 7 / 5 | |
| 21.2.1500 | 7 / 5 | |
| 20.1.1466 | 7 / 5 | |
| 20.1.1465 | 7 / 5 | |
v21.2.1510
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v21.2.1501
2 findings
Script: node ./scripts/install.js
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v21.2.1500
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v20.1.1466
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v20.1.1465
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.