@live-change/security-frontend

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

m8

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
bogus-package	bogus-package	AI (bogus-package): Established monorepo package; missing metadata is stable pattern, not spam indicator.	ai	2026/05/21
npm-metadata	no-description	AI (npm-metadata): Internal package with empty description; stable for this package.	ai	2026/05/21
phantom-deps	phantom-dep:serve-static	AI (phantom-deps): Config-file reference; stable false positive for this package.	ai	2026/05/14
phantom-deps	phantom-dep:@live-change/dao	AI (phantom-deps): Same-org monorepo dep; stable false positive.	ai	2026/05/14
phantom-deps	phantom-dep:compression	AI (phantom-deps): Config-file reference; stable false positive for this package.	ai	2026/05/14
phantom-deps	phantom-dep:@live-change/dao-vue3	AI (phantom-deps): Same-org monorepo dep; stable false positive.	ai	2026/05/14
phantom-deps	phantom-dep:rollup-plugin-visualizer	AI (phantom-deps): Build config reference; stable false positive.	ai	2026/05/14
phantom-deps	phantom-dep:serialize-javascript	AI (phantom-deps): Config-file reference; stable false positive for this package.	ai	2026/05/14
phantom-deps	phantom-dep:@vueuse/core	AI (phantom-deps): Config-file reference; stable false positive for this frontend package.	ai	2026/05/14
phantom-deps	phantom-dep:@live-change/user-service	AI (phantom-deps): Same-org dep; stable false positive.	ai	2026/05/14
phantom-deps	phantom-dep:@live-change/dao-websocket	AI (phantom-deps): Same-org dep; stable false positive.	ai	2026/05/14
phantom-deps	phantom-dep:@live-change/session-service	AI (phantom-deps): Same-org dep; stable false positive.	ai	2026/05/14
phantom-deps	phantom-dep:@live-change/vue3-components	AI (phantom-deps): Same-org dep; stable false positive.	ai	2026/05/14
phantom-deps	phantom-dep:@live-change/secret-code-service	AI (phantom-deps): Same-org dep; stable false positive.	ai	2026/05/14
phantom-deps	phantom-dep:primevue	AI (phantom-deps): Frontend UI lib declared for config/build use; stable false positive for this package.	ai	2026/05/14
phantom-deps	phantom-dep:@live-change/message-authentication-service	AI (phantom-deps): Same-org dep; stable false positive.	ai	2026/05/14
phantom-deps	phantom-dep:luxon	AI (phantom-deps): Date lib declared for config/build; stable false positive.	ai	2026/05/14
phantom-deps	phantom-dep:cross-env	AI (phantom-deps): Used in npm scripts; stable false positive.	ai	2026/05/14
phantom-deps	phantom-dep:primeicons	AI (phantom-deps): Icon lib declared for config use; stable false positive.	ai	2026/05/14
phantom-deps	phantom-dep:vue-router	AI (phantom-deps): Frontend routing lib declared for config use; stable false positive.	ai	2026/05/14
phantom-deps	phantom-dep:@live-change/secret-link-service	AI (phantom-deps): Same-org dep; stable false positive.	ai	2026/05/14
phantom-deps	phantom-dep:vue-meta	AI (phantom-deps): Declared for config/build use; stable false positive.	ai	2026/05/14
phantom-deps	phantom-dep:primeflex	AI (phantom-deps): CSS utility lib declared for config/build use; stable false positive.	ai	2026/05/14
phantom-deps	phantom-dep:get-port-sync	AI (phantom-deps): Dev/server tooling dep; stable false positive.	ai	2026/05/14
phantom-deps	phantom-dep:@live-change/cli	AI (phantom-deps): Same-org CLI tool used in scripts; stable false positive.	ai	2026/05/14
phantom-deps	phantom-dep:codeceptjs-assert	AI (phantom-deps): Test tooling dep; stable false positive.	ai	2026/05/14
phantom-deps	phantom-dep:vue3-scroll-border	AI (phantom-deps): Frontend component declared for config use; stable false positive.	ai	2026/05/14
phantom-deps	phantom-dep:@live-change/vue3-ssr	AI (phantom-deps): Same-org dep used in build config; stable false positive.	ai	2026/05/14
phantom-deps	phantom-dep:@live-change/framework	AI (phantom-deps): Same-org dep; stable false positive.	ai	2026/05/14

Versions (showing 51 of 134)

View all versions

Version	Deps	Published
0.9.209	28 / 8	2026-05-12
0.9.208	28 / 8	2026-05-11
0.9.207	28 / 8	2026-05-11
0.9.206	28 / 8	2026-05-08
0.9.205	28 / 8	2026-05-05
0.9.204	28 / 8	2026-04-28
0.9.203	28 / 8	2026-04-18
0.9.201	28 / 8	2026-03-29
0.9.200	28 / 8	2026-03-18
0.9.199	28 / 8	2026-03-12
0.9.198	28 / 8	2026-03-09
0.9.197	28 / 8	2026-03-05
0.9.196	28 / 8	2026-03-03
0.9.195	28 / 8	2026-02-27
0.9.194	28 / 8	2026-02-19
0.9.193	28 / 8	2026-02-16
0.9.192	28 / 8	2026-02-12
0.9.191	28 / 8	2026-02-12
0.9.190	28 / 8	2026-02-09
0.9.189	28 / 8	2026-02-06
0.9.188	28 / 8	2026-02-05
0.9.187	28 / 8	2026-02-05
0.9.186	28 / 8	2026-01-28
0.9.185	28 / 8	2026-01-28
0.9.184	28 / 8	2026-01-28
0.9.183	28 / 8	2026-01-27
0.9.182	28 / 8	2026-01-26
0.9.181	28 / 8	2026-01-19
0.9.180	28 / 8	2026-01-13
0.9.179	28 / 8	2026-01-13
0.9.177	28 / 8	2026-01-13
0.9.176	28 / 8	2026-01-07
0.9.175	28 / 8	2026-01-06
0.9.174	28 / 8	2025-12-30
0.9.173	28 / 8	2025-12-27
0.9.171	28 / 8	2025-12-10
0.9.169	28 / 8	2025-12-10
0.9.167	28 / 8	2025-12-09
0.9.166	28 / 8	2025-11-22
0.9.165	28 / 8	2025-11-22
0.9.164	28 / 8	2025-11-19
0.9.163	28 / 8	2025-11-16
0.9.162	28 / 8	2025-11-01
0.9.161	28 / 8	2025-11-01
0.9.160	28 / 8	2025-10-24
0.9.159	28 / 8	2025-10-24
0.9.158	28 / 8	2025-10-12
0.9.157	28 / 8	2025-10-10
0.9.156	28 / 8	2025-10-03
0.9.155	28 / 8	2025-09-30
0.9.154	28 / 8	2025-09-30