@live-change/access-control-frontend

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

m8

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:rollup-plugin-node-builtins	AI (phantom-deps): Config-file-only reference; stable false positive.	ai	2026/05/26
phantom-deps	phantom-dep:@live-change/vue3-components	AI (phantom-deps): Same-org monorepo dep; stable false positive.	ai	2026/05/26
phantom-deps	phantom-dep:@live-change/dao-websocket	AI (phantom-deps): Same-org monorepo dep; stable false positive.	ai	2026/05/26
phantom-deps	phantom-dep:serve-static	AI (phantom-deps): Config-file-only reference; stable false positive.	ai	2026/05/26
phantom-deps	phantom-dep:@live-change/dao	AI (phantom-deps): Same-org monorepo dep; stable false positive.	ai	2026/05/26
phantom-deps	phantom-dep:codeceptjs-assert	AI (phantom-deps): Config-file-only reference; stable false positive.	ai	2026/05/26
phantom-deps	phantom-dep:vue3-scroll-border	AI (phantom-deps): Config-file-only reference; stable false positive.	ai	2026/05/26
phantom-deps	phantom-dep:serialize-javascript	AI (phantom-deps): Config-file-only reference; stable false positive.	ai	2026/05/26
phantom-deps	phantom-dep:@live-change/dao-vue3	AI (phantom-deps): Same-org monorepo dep; stable false positive.	ai	2026/05/26
phantom-deps	phantom-dep:rollup-plugin-visualizer	AI (phantom-deps): Config-file-only reference; stable false positive.	ai	2026/05/26
dependencies	unvetted-dep:@live-change/vue3-components	AI (dependencies): Same-org monorepo dependency; consistent pattern across all versions.	ai	2026/05/26
dependencies	unvetted-dep:@live-change/secret-code-service	AI (dependencies): Same-org monorepo dependency; consistent pattern across all versions.	ai	2026/05/26
dependencies	unvetted-dep:@live-change/secret-link-service	AI (dependencies): Same-org monorepo dependency; consistent pattern across all versions.	ai	2026/05/26
dependencies	unvetted-dep:@live-change/access-control-service	AI (dependencies): Same-org monorepo dependency; consistent pattern across all versions.	ai	2026/05/26
phantom-deps	phantom-dep:primevue	AI (phantom-deps): Config-referenced UI dep; stable false positive for this frontend package.	ai	2026/05/26
phantom-deps	phantom-dep:cross-env	AI (phantom-deps): Used in npm scripts; stable false positive for this package.	ai	2026/05/26
phantom-deps	phantom-dep:primeflex	AI (phantom-deps): Config-referenced UI dep; stable false positive.	ai	2026/05/26
phantom-deps	phantom-dep:primeicons	AI (phantom-deps): Config-referenced UI dep; stable false positive.	ai	2026/05/26
phantom-deps	phantom-dep:compression	AI (phantom-deps): Config-referenced server dep; stable false positive.	ai	2026/05/26
phantom-deps	phantom-dep:@vueuse/core	AI (phantom-deps): Config-referenced dep; stable false positive.	ai	2026/05/26
dependencies	unvetted-dep:@live-change/password-authentication-service	AI (dependencies): Same-org monorepo dependency; consistent pattern across all versions.	ai	2026/05/26
dependencies	unvetted-dep:@live-change/cli	AI (dependencies): Same-org monorepo dependency; consistent pattern across all versions.	ai	2026/05/26
dependencies	unvetted-dep:@live-change/db-admin	AI (dependencies): Same-org monorepo dependency; consistent pattern across all versions.	ai	2026/05/26
dependencies	unvetted-dep:@live-change/vue3-ssr	AI (dependencies): Same-org monorepo dependency; consistent pattern across all versions.	ai	2026/05/26
dependencies	unvetted-dep:@live-change/framework	AI (dependencies): Same-org monorepo dependency; consistent pattern across all versions.	ai	2026/05/26
dependencies	unvetted-dep:@live-change/user-service	AI (dependencies): Same-org monorepo dependency; consistent pattern across all versions.	ai	2026/05/26
dependencies	unvetted-dep:@live-change/dao-websocket	AI (dependencies): Same-org monorepo dependency; consistent pattern across all versions.	ai	2026/05/26
dependencies	unvetted-dep:@live-change/frontend-base	AI (dependencies): Same-org monorepo dependency; consistent pattern across all versions.	ai	2026/05/26
dependencies	unvetted-dep:@live-change/user-frontend	AI (dependencies): Same-org monorepo dependency; consistent pattern across all versions.	ai	2026/05/26
dependencies	unvetted-dep:@live-change/session-service	AI (dependencies): Same-org monorepo dependency; consistent pattern across all versions.	ai	2026/05/26
bogus-package	bogus-package	AI (bogus-package): Established monorepo component; missing metadata is cosmetic, not indicative of spam.	ai	2026/05/14
provenance	no-provenance	AI (provenance): No provenance across all 438 versions; stable pattern for this publisher.	ai	2026/05/14
npm-metadata	no-description	AI (npm-metadata): Monorepo package; missing description is a stable pattern across all @live-change versions.	ai	2026/05/14

Versions (showing 51 of 79)

View all versions

Version	Deps	Published
0.9.209	30 / 7	2026-05-12
0.9.208	30 / 7	2026-05-11
0.9.207	30 / 7	2026-05-11
0.9.206	30 / 7	2026-05-08
0.9.205	30 / 7	2026-05-05
0.9.204	30 / 7	2026-04-28
0.9.198	30 / 7	2026-03-09
0.9.196	30 / 7	2026-03-03
0.9.188	30 / 7	2026-02-05
0.9.175	30 / 7	2026-01-06
0.9.167	30 / 7	2025-12-09
0.9.164	30 / 7	2025-11-19
0.9.162	30 / 7	2025-11-01
0.9.136	30 / 7	2025-09-03
0.9.135	30 / 7	2025-09-03
0.9.134	30 / 7	2025-09-03
0.9.133	30 / 7	2025-09-03
0.9.132	30 / 7	2025-09-03
0.9.131	30 / 7	2025-08-30
0.9.130	30 / 7	2025-08-28
0.9.129	30 / 7	2025-08-28
0.9.128	30 / 7	2025-08-25
0.9.127	30 / 7	2025-08-25
0.9.126	30 / 7	2025-08-18
0.9.125	30 / 7	2025-08-18
0.9.124	30 / 7	2025-08-18
0.9.123	30 / 7	2025-08-18
0.9.122	30 / 7	2025-08-17
0.9.121	30 / 7	2025-08-17
0.9.120	30 / 7	2025-08-16
0.9.119	30 / 7	2025-08-15
0.9.118	30 / 7	2025-08-15
0.9.117	30 / 7	2025-08-14
0.9.116	30 / 7	2025-08-12
0.9.115	30 / 7	2025-08-12
0.9.114	30 / 7	2025-08-12
0.9.113	30 / 7	2025-07-30
0.9.112	30 / 7	2025-07-29
0.9.111	30 / 7	2025-07-29
0.9.110	30 / 7	2025-07-25
0.9.109	30 / 7	2025-07-22
0.9.108	30 / 7	2025-07-21
0.9.107	30 / 7	2025-07-21
0.9.106	30 / 7	2025-07-14
0.9.105	30 / 7	2025-07-05
0.9.104	30 / 7	2025-07-04
0.9.103	30 / 7	2025-07-03
0.9.102	30 / 7	2025-06-30
0.9.101	30 / 7	2025-06-28
0.9.100	30 / 7	2025-06-28
0.9.99	30 / 7	2025-06-23

v0.9.209

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.9.208

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.9.207

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.9.206

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.9.205

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.9.198

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.196

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.188

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.9.175

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.167

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.164

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.162

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.9.136

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.135

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.134

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.133

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.132

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.131

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.130

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.129

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.128

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.127

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.126

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.125

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.124

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.123

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.122

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.121

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.120

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.119

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.118

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.117

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.116

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.115

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.114

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.113

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.112

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.111

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.110

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.109

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.108

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.107

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.106

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.105

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.104

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.103

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.102

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.101

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.100

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.99

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.