@instantdb/components
Instant's UI components
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | new-deps-added | AI (publish-pattern): @radix-ui/react-visually-hidden is a well-known Radix UI primitive; consistent with existing Radix deps in this package. | ai | |
| provenance | missing-githead | AI (provenance): Explained by CI/CD environment change; SLSA provenance attestation provides stronger integrity signal. | ai | |
| provenance | publisher-changed | AI (provenance): Legitimate migration to GitHub Actions CI with SLSA attestation; consistent with instantdb org's publishing pattern. | ai | |
| phantom-deps | phantom-dep:@babel/parser | AI (phantom-deps): Framework-scoped package loaded by convention in Babel toolchain. | ai | |
| phantom-deps | phantom-dep:export-to-csv | AI (phantom-deps): Referenced in config files; expected utility for component library. | ai | |
| phantom-deps | phantom-dep:markdown-table | AI (phantom-deps): Referenced in config files; expected utility for component library. | ai | |
| phantom-deps | phantom-dep:@radix-ui/react-collapsible | AI (phantom-deps): Referenced in config files; expected Radix UI component dependency. | ai | |
| phantom-deps | phantom-dep:react-intersection-observer | AI (phantom-deps): Referenced in config files; expected utility for component library. | ai | |
| phantom-deps | phantom-dep:nuqs | AI (phantom-deps): Referenced in config files for a Vite-based component library; expected transitive dependency. | ai | |
| phantom-deps | phantom-dep:motion | AI (phantom-deps): Referenced in config files; expected for animation library in component library. | ai | |
| phantom-deps | phantom-dep:@babel/types | AI (phantom-deps): Framework-scoped package loaded by convention in Babel toolchain. | ai | |
| dependencies | unvetted-dep:@radix-ui/react-tooltip | AI (dependencies): @radix-ui/react-tooltip is a well-known, widely-used React UI primitive from the Radix UI project. Standard dependency for a UI component library. | ai | |
| dependencies | unvetted-dep:@radix-ui/react-dropdown-menu | AI (dependencies): @radix-ui/react-dropdown-menu is a well-known, widely-used React UI primitive from the Radix UI project. Standard dependency for a UI component library. | ai | |
| phantom-deps | phantom-dep:@instantdb/admin | AI (phantom-deps): Same-org package in a monorepo context; expected phantom dep pattern for @instantdb/* packages. | ai | |
| phantom-deps | phantom-dep:@instantdb/version | AI (phantom-deps): Same-org package in a monorepo context; expected phantom dep pattern for @instantdb/* packages. | ai | |
| dependencies | unvetted-dep:@radix-ui/react-select | AI (dependencies): @radix-ui/react-select is a well-known, widely-used React UI primitive from the Radix UI project. Standard dependency for a UI component library. | ai | |
| dependencies | unvetted-dep:@radix-ui/react-dialog | AI (dependencies): @radix-ui/react-dialog is a well-known, widely-used React UI primitive from the Radix UI project. Standard dependency for a UI component library. | ai | |
| provenance | slsa-provenance | AI (provenance): Package is published via GitHub Actions CI/CD with SLSA provenance attestation; this is the expected and documented release process for the instantdb monorepo. | ai | |
Versions (showing 39 of 145)
| Version | Deps | Published |
|---|---|---|
| 0.22.125 | 40 / 25 | |
| 0.22.124 | 40 / 25 | |
| 0.22.123 | 40 / 25 | |
| 0.22.122 | 40 / 25 | |
| 0.22.121 | 40 / 25 | |
| 0.22.120 | 40 / 25 | |
| 0.22.119 | 40 / 25 | |
| 0.22.118 | 40 / 25 | |
| 0.22.117 | 40 / 25 | |
| 0.22.116 | 40 / 25 | |
| 0.22.115 | 40 / 25 | |
| 0.22.114 | 40 / 25 | |
| 0.22.113 | 40 / 25 | |
| 0.22.112 | 40 / 25 | |
| 0.22.111 | 40 / 25 | |
| 0.22.110 | 40 / 25 | |
| 0.22.109 | 40 / 25 | |
| 0.22.108 | 40 / 25 | |
| 0.22.107 | 40 / 25 | |
| 0.22.106 | 40 / 25 | |
| 0.22.105 | 40 / 25 | |
| 0.22.104 | 40 / 25 | |
| 0.22.103 | 40 / 25 | |
| 0.22.102 | 40 / 25 | |
| 0.22.101 | 40 / 25 | |
| 0.22.100 | 40 / 25 | |
| 0.22.99 | 40 / 25 | |
| 0.22.98 | 40 / 25 | |
| 0.22.97 | 40 / 25 | |
| 0.22.96 | 40 / 25 | |
| 0.22.95 | 40 / 25 | |
| 0.22.94 | 40 / 25 | |
| 0.22.93 | 40 / 25 | |
| 0.22.92 | 40 / 25 | |
| 0.22.91 | 40 / 25 | |
| 0.22.90 | 40 / 25 | |
| 0.22.89 | 39 / 25 | |
| 0.22.87 | 39 / 25 | |
| 0.0.1 | 39 / 25 | |
v0.22.125
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.124
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.123
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.122
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.121
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.120
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.119
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.118
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.117
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.116
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.115
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.114
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.113
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.112
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.111
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.110
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.109
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.108
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.107
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.106
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.105
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.104
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.103
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.102
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.101
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.100
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.99
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.98
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.97
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.96
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.95
2 findings
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
v0.22.94
2 findings
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
v0.22.93
2 findings
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
v0.22.92
2 findings
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
v0.22.91
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.90
2 findings
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
v0.22.89
2 findings
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
v0.22.87
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.1
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.