@imj_media/tareas
Módulo de tareas (React) para integrarse en aplicaciones host (p. ej. OBP).
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@fortawesome/pro-duotone-svg-icons | AI (dependencies): Legitimate Font Awesome Pro icon package; stable dependency for this UI component library. | ai | |
| provenance | no-provenance | AI (provenance): Established package with 131 versions; lack of provenance is consistent across all prior releases. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Internal org package; missing description is consistent across its version history. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Internal org package with 131 versions; missing metadata is a style issue, not a security signal. | ai | |
| phantom-deps | phantom-dep:echarts | AI (phantom-deps): echarts is a declared runtime dep used via echarts-for-react; phantom-dep heuristic false positive. | ai | |
| phantom-deps | phantom-dep:@fortawesome/react-fontawesome | AI (phantom-deps): FontAwesome React wrapper is a runtime dep; phantom-dep heuristic false positive. | ai | |
| phantom-deps | phantom-dep:vite-plugin-dts | AI (phantom-deps): Build-time plugin referenced in vite config; not imported in source directly by design. | ai | |
| phantom-deps | phantom-dep:tailwind-scrollbar | AI (phantom-deps): Tailwind plugin referenced in config files, not JS imports; stable false positive. | ai | |
| phantom-deps | phantom-dep:tailwindcss-animate | AI (phantom-deps): Tailwind plugin referenced in config files, not JS imports; stable false positive. | ai |
Versions (showing 10 of 10)
| Version | Deps | Published |
|---|---|---|
| 1.6.3 | 17 / 33 | |
| 1.6.2 | 17 / 33 | |
| 1.6.0 | 17 / 33 | |
| 1.5.56 | 17 / 31 | |
| 1.5.55 | 19 / 30 | |
| 1.5.54 | 19 / 30 | |
| 1.5.53 | 19 / 30 | |
| 1.5.52 | 19 / 30 | |
| 1.5.27 | 15 / 30 | |
| 1.5.0 | 15 / 28 |
v1.6.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.5.56
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.5.55
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.5.54
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.5.53
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.5.52
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.5.27
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.5.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.