@itcase/ui-web
UI components
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/Button_cjs_BxWdQPXX.js | AI (source-diff): Standard Rollup minified CJS bundle for Button component; no malicious content. | ai | |
| source-diff | obfuscated-file:dist/SelectContainer_es_CYE4jSv4.js | AI (source-diff): Standard Rollup minified ESM bundle for SelectContainer component; no malicious content. | ai | |
| source-diff | obfuscated-file:dist/SelectContainer_cjs_DYDy_jPD.js | AI (source-diff): Standard Rollup minified CJS bundle for SelectContainer component; no malicious content. | ai | |
| source-diff | obfuscated-file:dist/DatePicker_es_CrRe6OmD.js | AI (source-diff): Standard Rollup minified ESM bundle for DatePicker component; no malicious content. | ai | |
| source-diff | obfuscated-file:dist/DatePicker_cjs_DTu0OjWW.js | AI (source-diff): Standard Rollup minified CJS bundle for DatePicker component; no malicious content. | ai | |
| source-diff | obfuscated-file:dist/Button_es_CRMaMLMS.js | AI (source-diff): Standard Rollup minified ESM bundle for Button component; no malicious content. | ai | |
| source-diff | obfuscated-file:dist/Avatar_es_JNHZc9lc.js | AI (source-diff): Standard Rollup ESM bundle; readable UI component code. | ai | |
| source-diff | obfuscated-file:dist/Avatar_cjs_u7zGQxZP.js | AI (source-diff): Standard Rollup minified bundle output; readable UI component code, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/Button_cjs_CDr9zTdB.js | AI (source-diff): Standard Rollup CJS bundle; readable UI component code. | ai | |
| source-diff | obfuscated-file:dist/Button_es_M2ryMLoI.js | AI (source-diff): Standard Rollup ESM bundle; readable UI component code. | ai | |
| source-diff | obfuscated-file:dist/ChipsGroup_cjs_BfWpClti.js | AI (source-diff): Standard Rollup CJS bundle; readable UI component code. | ai | |
| source-diff | obfuscated-file:dist/ChipsGroup_es_CrKRN7eQ.js | AI (source-diff): Standard Rollup ESM bundle; readable UI component code. | ai | |
| source-diff | obfuscated-file:dist/DatePicker_cjs_Cd7wsJCG.js | AI (source-diff): Standard Rollup CJS bundle; readable UI component code. | ai | |
| source-diff | obfuscated-file:dist/DatePicker_es_BhrZj2OP.js | AI (source-diff): Standard Rollup ESM bundle; readable UI component code. | ai | |
| source-diff | obfuscated-file:dist/default_cjs_BMbs2it-.js | AI (source-diff): Standard Rollup CJS bundle output for this UI library. | ai | |
| source-diff | obfuscated-file:dist/default_es_CaWUd9iO.js | AI (source-diff): Standard Rollup ESM bundle output for this UI library. | ai | |
| source-diff | obfuscated-file:dist/Input_cjs_D9PxC_lJ.js | AI (source-diff): Standard Rollup CJS bundle; readable UI component code. | ai | |
| source-diff | obfuscated-file:dist/Input_es_DabuPYuA.js | AI (source-diff): Standard Rollup ESM bundle; readable UI component code. | ai | |
| source-diff | large-new-source-files | AI (source-diff): UI component library adding new components across dual CJS/ESM formats; large file count is expected. | ai | |
| source-diff | obfuscated-file:dist/DatePicker_es_BUuLD4Mw.js | AI (source-diff): Standard Rollup minified ESM bundle; readable DatePicker component logic. | ai | |
| source-diff | obfuscated-file:dist/default_cjs_BMdcKzhJ.js | AI (source-diff): Standard Rollup minified CJS bundle; boilerplate Object.assign polyfill pattern. | ai | |
| source-diff | obfuscated-file:dist/default_es_OK2akzEP.js | AI (source-diff): Standard Rollup minified ESM bundle; boilerplate Object.assign polyfill pattern. | ai | |
| source-diff | obfuscated-file:dist/SelectContainer_cjs_BxwAS8PG.js | AI (source-diff): Standard Rollup minified CJS bundle; readable SelectContainer component logic. | ai | |
| source-diff | obfuscated-file:dist/SelectContainer_es_Dtoz7GhG.js | AI (source-diff): Standard Rollup minified ESM bundle; readable SelectContainer component logic. | ai | |
| source-diff | obfuscated-file:dist/Button_cjs_BqrCpR77.js | AI (source-diff): Standard Rollup minified CJS bundle; readable UI component logic, no obfuscation. | ai | |
| source-diff | obfuscated-file:dist/Button_es_BVfoGAzN.js | AI (source-diff): Standard Rollup minified ESM bundle; readable UI component logic, no obfuscation. | ai | |
| source-diff | obfuscated-file:dist/DatePicker_cjs_BGDmBIGC.js | AI (source-diff): Standard Rollup minified CJS bundle; readable DatePicker component logic. | ai | |
| phantom-deps | phantom-dep:@itcase/tokens-am | AI (phantom-deps): Same-org design token package; used in config, stable FP. | ai | |
| phantom-deps | phantom-dep:framer-motion | AI (phantom-deps): Animation lib referenced in config/stories; stable FP for this package. | ai | |
| phantom-deps | phantom-dep:@itcase/icons | AI (phantom-deps): Same-org package used in stories/config; stable FP for this package. | ai | |
| phantom-deps | phantom-dep:motion | AI (phantom-deps): motion is a peer of framer-motion; referenced in config, not direct import. Stable FP. | ai | |
| phantom-deps | phantom-dep:@itcase/tokens-palette | AI (phantom-deps): Same-org design token package; used in config, stable FP. | ai | |
| phantom-deps | phantom-dep:@itcase/tokens-baikal | AI (phantom-deps): Same-org design token package; used in config, stable FP. | ai | |
| phantom-deps | phantom-dep:uuid | AI (phantom-deps): UI component library; uuid used in config/stories, not direct imports. Stable FP. | ai | |
| phantom-deps | phantom-dep:react-responsive | AI (phantom-deps): Referenced in config files; stable FP for this UI library. | ai | |
Versions (showing 17 of 17)
| Version | Deps | Published |
|---|---|---|
| 1.10.19 | 35 / 30 | |
| 1.10.12 | 35 / 30 | |
| 1.10.11 | 35 / 30 | |
| 1.10.9 | 33 / 30 | |
| 1.10.6 | 33 / 30 | |
| 1.10.4 | 33 / 30 | |
| 1.10.0 | 33 / 30 | |
| 1.9.113 | 33 / 30 | |
| 1.9.111 | 33 / 30 | |
| 1.9.109 | 33 / 30 | |
| 1.9.107 | 33 / 30 | |
| 1.9.106 | 33 / 30 | |
| 1.9.98 | 33 / 30 | |
| 1.9.86 | 33 / 30 | |
| 1.9.85 | 33 / 30 | |
| 1.9.84 | 33 / 30 | |
| 1.9.83 | 33 / 30 | |
v1.10.19
7 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.12
9 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.11
9 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.9
13 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.6
13 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.4
13 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.0
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.9.113
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.9.111
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.9.109
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.9.107
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.9.106
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.9.98
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.9.86
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.9.85
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.9.84
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.9.83
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.