← Home

@live-change/frontend-template

npm
10
Versions
ISC
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

m8

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
phantom-deps phantom-dep:@live-change/blog-frontend AI (phantom-deps): Same-org dep declared for downstream consumers; stable false positive for this template package. ai
phantom-deps phantom-dep:@live-change/url-frontend AI (phantom-deps): Same-org dep declared for downstream consumers; stable false positive for this template package. ai
phantom-deps phantom-dep:@live-change/image-frontend AI (phantom-deps): Same-org dep declared for downstream consumers; stable false positive for this template package. ai
phantom-deps phantom-dep:@live-change/video-call-service AI (phantom-deps): Same-org dep used via config; stable false positive. ai
phantom-deps phantom-dep:rollup-plugin-node-builtins AI (phantom-deps): Frontend template config-referenced dep; stable false positive. ai
phantom-deps phantom-dep:@fortawesome/fontawesome-free AI (phantom-deps): Frontend template config-referenced dep; stable false positive. ai
phantom-deps phantom-dep:@live-change/dao-websocket AI (phantom-deps): Same-org dep used via config; stable false positive. ai
phantom-deps phantom-dep:@live-change/db-client AI (phantom-deps): Same-org dep used via config; stable false positive. ai
phantom-deps phantom-dep:@live-change/blog-service AI (phantom-deps): Same-org dep used via config; stable false positive. ai
phantom-deps phantom-dep:rollup-plugin-visualizer AI (phantom-deps): Frontend template config-referenced dep; stable false positive. ai
phantom-deps phantom-dep:@codemirror/language AI (phantom-deps): Config-file reference in a frontend template; stable false positive. ai
phantom-deps phantom-dep:serialize-javascript AI (phantom-deps): Config-file reference in a frontend template; stable false positive. ai
phantom-deps phantom-dep:@live-change/dao-vue3 AI (phantom-deps): Same-org dependency used via config; stable false positive. ai
phantom-deps phantom-dep:serve-static AI (phantom-deps): Config-file reference in a frontend template; stable false positive. ai
phantom-deps phantom-dep:pica AI (phantom-deps): Config-file reference in a frontend template; stable false positive. ai
phantom-deps phantom-dep:vue-i18n AI (phantom-deps): Config-file reference in a frontend template; stable false positive. ai
phantom-deps phantom-dep:cross-env AI (phantom-deps): Used in npm scripts, not directly imported; stable false positive. ai
phantom-deps phantom-dep:primeicons AI (phantom-deps): Config-file reference in a frontend template; stable false positive. ai
phantom-deps phantom-dep:compression AI (phantom-deps): Config-file reference in a frontend template; stable false positive. ai
phantom-deps phantom-dep:@vueuse/core AI (phantom-deps): Config-file reference in a frontend template; stable false positive. ai
phantom-deps phantom-dep:pretty-bytes AI (phantom-deps): Config-file reference in a frontend template; stable false positive. ai
phantom-deps phantom-dep:@dotenvx/dotenvx AI (phantom-deps): Used in build scripts, not directly imported; stable false positive. ai
phantom-deps phantom-dep:@live-change/dao AI (phantom-deps): Same-org dependency used via config; stable false positive. ai
bogus-package bogus-package AI (bogus-package): Template package in established ecosystem; missing metadata is expected for internal scaffolding. ai
phantom-deps phantom-dep:vue3-scroll-border AI (phantom-deps): Frontend template; deps referenced in config files is expected pattern. ai
phantom-deps phantom-dep:codeceptjs-assert AI (phantom-deps): Frontend template; deps referenced in config files is expected pattern. ai
phantom-deps phantom-dep:v-shared-element AI (phantom-deps): Frontend template; deps referenced in config files is expected pattern. ai
phantom-deps phantom-dep:get-port-sync AI (phantom-deps): Frontend template; deps referenced in config files is expected pattern. ai
phantom-deps phantom-dep:primeflex AI (phantom-deps): Frontend template; deps referenced in config files is expected pattern. ai
phantom-deps phantom-dep:primevue AI (phantom-deps): Frontend template; deps referenced in config files is expected pattern. ai
phantom-deps phantom-dep:vue AI (phantom-deps): Frontend template; deps referenced in config files is expected pattern. ai

Versions (showing 10 of 10)

Version Deps Published
0.9.204 72 / 7
0.9.190 70 / 6
0.9.179 70 / 6
0.9.169 70 / 6
0.9.165 70 / 6
0.9.162 70 / 6
0.9.159 70 / 6
0.9.151 60 / 6
0.9.146 60 / 6
0.9.135 60 / 6

v0.9.190

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.179

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.169

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.165

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.162

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.159

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.151

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.146

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.135

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.