← Home

@live-change/frontend-auto-form

npm
51
Versions
ISC
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

m8

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
phantom-deps phantom-dep:@live-change/dao AI (phantom-deps): Monorepo internal dependency; stable pattern for this package. ai
phantom-deps phantom-dep:rollup-plugin-visualizer AI (phantom-deps): Config/build-tool references in established monorepo package; stable pattern. ai
phantom-deps phantom-dep:serialize-javascript AI (phantom-deps): Config/build-tool references in established monorepo package; stable pattern. ai
phantom-deps phantom-dep:vue3-scroll-border AI (phantom-deps): Config/build-tool references in established monorepo package; stable pattern. ai
phantom-deps phantom-dep:get-port-sync AI (phantom-deps): Config/build-tool references in established monorepo package; stable pattern. ai
phantom-deps phantom-dep:serve-static AI (phantom-deps): Config/build-tool references in established monorepo package; stable pattern. ai
phantom-deps phantom-dep:pretty-bytes AI (phantom-deps): Config/build-tool references in established monorepo package; stable pattern. ai
phantom-deps phantom-dep:@vueuse/core AI (phantom-deps): Config/build-tool references in established monorepo package; stable pattern. ai
phantom-deps phantom-dep:compression AI (phantom-deps): Config/build-tool references in established monorepo package; stable pattern. ai
phantom-deps phantom-dep:primeicons AI (phantom-deps): Config/build-tool references in established monorepo package; stable pattern. ai
phantom-deps phantom-dep:primeflex AI (phantom-deps): Config/build-tool references in established monorepo package; stable pattern. ai
phantom-deps phantom-dep:vue-meta AI (phantom-deps): Config/build-tool references in established monorepo package; stable pattern. ai
phantom-deps phantom-dep:pica AI (phantom-deps): Config/build-tool references in established monorepo package; stable pattern. ai
phantom-deps phantom-dep:codeceptjs-assert AI (phantom-deps): Config/build-tool references in established monorepo package; stable pattern. ai
phantom-deps phantom-dep:@live-change/dao-vue3 AI (phantom-deps): Same-org dependency referenced in config; stable false positive. ai
phantom-deps phantom-dep:@live-change/cli AI (phantom-deps): Same-org dependency used via config/scripts; stable false positive for this package. ai
phantom-deps phantom-dep:@live-change/framework AI (phantom-deps): Same-org dependency referenced in config; stable false positive. ai
phantom-deps phantom-dep:@live-change/dao-websocket AI (phantom-deps): Same-org dependency referenced in config; stable false positive. ai
phantom-deps phantom-dep:@live-change/image-service AI (phantom-deps): Same-org dependency referenced in config; stable false positive. ai
phantom-deps phantom-dep:@live-change/session-service AI (phantom-deps): Same-org dependency referenced in config; stable false positive. ai
phantom-deps phantom-dep:cross-env AI (phantom-deps): Used in npm scripts, not imported; stable false positive for this package. ai
phantom-deps phantom-dep:v-shared-element AI (phantom-deps): Frontend plugin referenced in config; stable false positive. ai
dependencies unvetted-dep:primeflex AI (dependencies): Known CSS utility library from PrimeFaces; stable false positive. ai
dependencies unvetted-dep:vue-meta AI (dependencies): Known Vue meta management library; stable false positive. ai
dependencies unvetted-dep:@live-change/vue3-components AI (dependencies): Same org scope; internal dependency; stable false positive. ai
dependencies unvetted-dep:@live-change/session-service AI (dependencies): Same org scope; internal dependency; stable false positive. ai
dependencies unvetted-dep:@live-change/image-frontend AI (dependencies): Same org scope; internal dependency; stable false positive. ai
dependencies unvetted-dep:@live-change/image-service AI (dependencies): Same org scope; internal dependency; stable false positive. ai
dependencies unvetted-dep:@live-change/dao-websocket AI (dependencies): Same org scope; internal dependency; stable false positive. ai
dependencies unvetted-dep:@live-change/framework AI (dependencies): Same org scope; internal dependency; stable false positive. ai
dependencies unvetted-dep:@live-change/vue3-ssr AI (dependencies): Same org scope; internal dependency; stable false positive. ai
bogus-package bogus-package AI (bogus-package): Internal monorepo component; missing metadata is expected for this package type. ai
dependencies unvetted-dep:vue3-scroll-border AI (dependencies): Vue3 UI component; stable false positive. ai
dependencies unvetted-dep:codeceptjs-assert AI (dependencies): Test utility; stable false positive for this package. ai
dependencies unvetted-dep:v-shared-element AI (dependencies): Known Vue shared element transition library; stable false positive. ai
dependencies unvetted-dep:primevue AI (dependencies): Well-known Vue UI library; stable false positive for this package. ai
dependencies unvetted-dep:@live-change/cli AI (dependencies): Same org scope; internal tooling dependency; stable false positive. ai
dependencies unvetted-dep:get-port-sync AI (dependencies): Small utility package; used in dev/test context; stable false positive. ai

Versions (showing 51 of 91)

View all versions
Version Deps Published
0.9.209 29 / 7
0.9.208 29 / 7
0.9.207 29 / 7
0.9.206 29 / 7
0.9.205 29 / 7
0.9.204 29 / 7
0.9.203 29 / 7
0.9.201 29 / 7
0.9.200 29 / 7
0.9.199 29 / 7
0.9.198 29 / 7
0.9.197 29 / 7
0.9.196 29 / 7
0.9.195 29 / 7
0.9.194 29 / 7
0.9.193 29 / 7
0.9.192 29 / 7
0.9.191 29 / 7
0.9.190 29 / 7
0.9.189 29 / 7
0.9.188 29 / 7
0.9.187 29 / 7
0.9.186 29 / 7
0.9.185 29 / 7
0.9.184 29 / 7
0.9.183 29 / 7
0.9.182 29 / 7
0.9.181 29 / 7
0.9.180 29 / 7
0.9.179 29 / 7
0.9.177 29 / 7
0.9.176 29 / 7
0.9.175 29 / 7
0.9.174 29 / 7
0.9.173 29 / 7
0.9.171 29 / 7
0.9.169 29 / 7
0.9.167 29 / 7
0.9.166 29 / 7
0.9.165 29 / 7
0.9.164 29 / 7
0.9.163 29 / 7
0.9.162 29 / 7
0.9.161 29 / 7
0.9.160 29 / 7
0.9.159 29 / 7
0.9.158 29 / 7
0.9.157 29 / 7
0.9.156 29 / 7
0.9.155 29 / 7
0.9.154 29 / 7

v0.9.209

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.9.208

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.9.207

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.9.206

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.9.205

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.9.203

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.201

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.200

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.199

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.198

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.197

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.196

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.195

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.194

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.193

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.192

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.191

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.190

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.189

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.188

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.187

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.186

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.185

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.184

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.183

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.182

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.181

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.180

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.179

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.177

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.176

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.175

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.174

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.173

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.171

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.169

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.167

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.166

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.165

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.164

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.163

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.162

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.161

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.160

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.159

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.158

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.157

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.156

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.155

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.154

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.