@live-change/balance-frontend

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

m8

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:compression	AI (phantom-deps): Server middleware referenced in server entry; stable FP.	ai	2026/05/14
phantom-deps	phantom-dep:@vueuse/core	AI (phantom-deps): Composable library used via config/plugin; stable FP.	ai	2026/05/14
phantom-deps	phantom-dep:pretty-bytes	AI (phantom-deps): Utility referenced in config; stable FP.	ai	2026/05/14
phantom-deps	phantom-dep:serve-static	AI (phantom-deps): Server middleware; stable FP.	ai	2026/05/14
phantom-deps	phantom-dep:get-port-sync	AI (phantom-deps): Dev server utility in config; stable FP.	ai	2026/05/14
phantom-deps	phantom-dep:@dotenvx/dotenvx	AI (phantom-deps): Used in npm scripts; stable FP.	ai	2026/05/14
phantom-deps	phantom-dep:@live-change/dao	AI (phantom-deps): Same-org dep used transitively; stable FP.	ai	2026/05/14
phantom-deps	phantom-dep:v-shared-element	AI (phantom-deps): Vue plugin registered in config; stable FP.	ai	2026/05/14
phantom-deps	phantom-dep:codeceptjs-assert	AI (phantom-deps): Test helper referenced in test config; stable FP.	ai	2026/05/14
phantom-deps	phantom-dep:vue3-scroll-border	AI (phantom-deps): Vue plugin in config; stable FP.	ai	2026/05/14
phantom-deps	phantom-dep:@codemirror/language	AI (phantom-deps): Editor plugin in config; stable FP.	ai	2026/05/14
phantom-deps	phantom-dep:serialize-javascript	AI (phantom-deps): SSR utility in config; stable FP.	ai	2026/05/14
phantom-deps	phantom-dep:@live-change/dao-vue3	AI (phantom-deps): Same-org dep; stable FP.	ai	2026/05/14
phantom-deps	phantom-dep:@live-change/db-client	AI (phantom-deps): Same-org dep; stable FP.	ai	2026/05/14
phantom-deps	phantom-dep:vue	AI (phantom-deps): Vue is a peer/config dep in a Vue3 frontend package; stable false positive.	ai	2026/05/14
phantom-deps	phantom-dep:primevue	AI (phantom-deps): UI library referenced in config/plugin setup, not direct import; stable FP.	ai	2026/05/14
phantom-deps	phantom-dep:primeflex	AI (phantom-deps): CSS utility referenced in config; stable FP for this frontend package.	ai	2026/05/14
phantom-deps	phantom-dep:vue-i18n	AI (phantom-deps): i18n plugin registered in config, not directly imported; stable FP.	ai	2026/05/14
phantom-deps	phantom-dep:cross-env	AI (phantom-deps): Used in npm scripts, not imported; stable FP.	ai	2026/05/14
phantom-deps	phantom-dep:primeicons	AI (phantom-deps): Icon font referenced in config; stable FP.	ai	2026/05/14

Versions (showing 2 of 2)

Version	Deps	Published
0.9.204	57 / 7	2026-04-28
0.9.162	57 / 7	2025-11-01

v0.9.162

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.