@kosdev-code/kos-ui-sdk No license 85 versions

@kosdev-code/kos-ui-sdk

npm

85

Versions

—

License

No

Install Scripts

Missing

Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

kosdevmatrica_mark

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:models/utils/service-accessor.d.ts	AI (source-diff): The flagged file is a TypeScript declaration (.d.ts) with a long union type of API endpoint strings — a common codegen pattern, not obfuscated executable code.	ai	2026/04/26
bogus-package	bogus-package	AI (bogus-package): Package has 173 versions and 395 days of history; missing metadata is a consistent characteristic of this SDK, not a malicious signal.	ai	2026/04/26
npm-metadata	no-description	AI (npm-metadata): Established package with 173 versions; missing description is a persistent metadata gap, not a malicious indicator.	ai	2026/04/26
semgrep	semgrep:new-function-constructor	AI (semgrep): new Function() usage is in minified bundle code within an expression/template parser context — a well-known legitimate pattern. Consistent across versions of this SDK.	ai	2026/04/26
phantom-deps	phantom-dep:@kosdev-code/kos-api-levels	AI (phantom-deps): Same-org scoped dependency; phantom import is expected for SDK packages that re-export or indirectly use sibling packages.	ai	2026/04/26

Versions (showing 85 of 85)

Version	Deps	Published
3.0.4	6 / 0	2026-06-02
3.0.3	6 / 0	2026-05-29
3.0.2	6 / 0	2026-05-13
3.0.1	6 / 0	2026-05-11
3.0.0	6 / 0	2026-05-08
2.1.40	6 / 0	2026-05-12
2.1.39	6 / 0	2026-05-07
2.1.38	6 / 0	2026-04-14
2.1.37	5 / 0	2026-03-04
2.1.36	5 / 0	2026-02-24
2.1.35	5 / 0	2026-02-12
2.1.34	5 / 0	2026-02-12
2.1.33	5 / 0	2025-11-19
2.1.32	5 / 0	2025-11-17
2.1.31	5 / 0	2025-11-10
2.1.30	5 / 0	2025-11-10
2.1.29	5 / 0	2025-11-07
2.1.28	5 / 0	2025-11-06
2.1.27	5 / 0	2025-11-03
2.1.26	5 / 0	2025-11-03
2.1.25	5 / 0	2025-10-30
2.1.23	5 / 0	2025-10-28
2.1.22	5 / 0	2025-10-24
2.1.21	5 / 0	2025-10-22
2.1.20	5 / 0	2025-10-21
2.1.19	5 / 0	2025-10-21
2.1.18	5 / 0	2025-10-20
2.1.17	5 / 0	2025-10-09
2.1.16	5 / 0	2025-10-08
2.1.15	5 / 0	2025-10-08
2.1.14	5 / 0	2025-10-08
2.1.13	5 / 0	2025-10-06
2.1.12	5 / 0	2025-10-06
2.1.11	5 / 0	2025-10-06
2.1.10	5 / 0	2025-10-03
2.1.9	5 / 0	2025-10-03
2.1.8	5 / 0	2025-10-02
2.1.7	5 / 0	2025-10-01
2.1.6	5 / 0	2025-09-26
2.1.5	5 / 0	2025-09-26
2.1.4	5 / 0	2025-09-25
2.1.3	5 / 0	2025-09-25
2.1.2	5 / 0	2025-09-24
2.1.1	5 / 0	2025-09-23
2.1.0	5 / 0	2025-09-23
2.0.46	5 / 0	2026-04-25
2.0.45	6 / 0	2026-04-24
2.0.44	5 / 0	2026-04-23
2.0.43	5 / 0	2026-04-14
2.0.42	5 / 0	2026-02-09
2.0.41	5 / 0	2025-08-27
2.0.40	5 / 0	2025-08-18
2.0.39	5 / 0	2025-08-15
2.0.38	5 / 0	2025-08-15
2.0.37	5 / 0	2025-08-15
2.0.36	5 / 0	2025-08-15
2.0.35	5 / 0	2025-08-15
2.0.34	5 / 0	2025-08-14
2.0.33	5 / 0	2025-07-31
2.0.32	5 / 0	2025-07-31
2.0.31	5 / 0	2025-07-23
2.0.30	5 / 0	2025-07-11
2.0.29	5 / 0	2025-07-11
2.0.28	5 / 0	2025-07-09
2.0.27	5 / 0	2025-07-09
2.0.26	5 / 0	2025-07-07
2.0.25	5 / 0	2025-07-05
2.0.24	5 / 0	2025-07-04
2.0.23	5 / 0	2025-07-04
2.0.22	5 / 0	2025-07-03
2.0.21	5 / 0	2025-07-03
2.0.20	5 / 0	2025-06-20
2.0.19	5 / 0	2025-06-19
2.0.18	5 / 0	2025-06-18
2.0.17	5 / 0	2025-06-11
2.0.16	5 / 0	2025-06-06
2.0.15	5 / 0	2025-06-05
2.0.12	5 / 0	2025-06-02
2.0.11	5 / 0	2025-06-02
2.0.10	5 / 0	2025-06-02
2.0.9	5 / 0	2025-05-31
2.0.8	5 / 0	2025-05-04
2.0.7	5 / 0	2025-05-03
2.0.6	5 / 0	2025-05-02
2.0.5	5 / 0	2025-05-02

v3.0.4

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.0.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.0.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.0.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.0.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.40

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.39

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.38

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.1.37

2 findings

HIGH New obfuscated file: models/utils/service-accessor.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.36

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.35

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.34

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.33

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.32

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.31

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.30

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.1.29

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.1.28

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.1.27

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.1.26

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.1.25

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.1.23

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.1.21

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.14

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.12

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.10

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.7

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.6

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.46

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.0.45

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.0.44

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.0.43

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.0.42

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.39

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.38

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.36

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.35

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.34

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.33

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.32

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.31

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.30

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.29

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.28

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.27

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.26

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.25

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.24

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.23

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.22

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.21

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.20

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.19

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.18

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.17

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.16

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.15

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.12

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.11

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.10

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.0.9

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.0.8

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.0.7

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.0.6

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.0.5

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.