@live-change/survey-frontend

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

m8

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:pica	AI (phantom-deps): Config-level dep for frontend app; stable false positive for this package.	ai	2026/05/26
phantom-deps	phantom-dep:primevue	AI (phantom-deps): UI library peer dep in frontend scaffold; stable false positive for this package.	ai	2026/05/26
phantom-deps	phantom-dep:vue-i18n	AI (phantom-deps): i18n peer dep in frontend scaffold; stable false positive.	ai	2026/05/26
phantom-deps	phantom-dep:cross-env	AI (phantom-deps): Used in npm scripts, not imported; stable false positive.	ai	2026/05/26
phantom-deps	phantom-dep:primeflex	AI (phantom-deps): CSS utility peer dep; stable false positive for this frontend scaffold.	ai	2026/05/26
phantom-deps	phantom-dep:primeicons	AI (phantom-deps): Icon peer dep; stable false positive.	ai	2026/05/26
phantom-deps	phantom-dep:compression	AI (phantom-deps): Server middleware dep used in server/start.js; stable false positive.	ai	2026/05/26
phantom-deps	phantom-dep:@vueuse/core	AI (phantom-deps): Vue composables peer dep; stable false positive for this frontend scaffold.	ai	2026/05/26
phantom-deps	phantom-dep:pretty-bytes	AI (phantom-deps): Utility dep referenced in config; stable false positive.	ai	2026/05/26
phantom-deps	phantom-dep:serve-static	AI (phantom-deps): Server middleware; stable false positive.	ai	2026/05/26
phantom-deps	phantom-dep:vue	AI (phantom-deps): Frontend scaffold pattern; vue is a peer dep referenced in vite config, not directly imported.	ai	2026/05/26
phantom-deps	phantom-dep:@dotenvx/dotenvx	AI (phantom-deps): Used in npm scripts via CLI, not imported; stable false positive.	ai	2026/05/26
phantom-deps	phantom-dep:@live-change/dao	AI (phantom-deps): Same-org peer dep; stable false positive for this monorepo package.	ai	2026/05/26
phantom-deps	phantom-dep:v-shared-element	AI (phantom-deps): Vue plugin peer dep; stable false positive.	ai	2026/05/26
phantom-deps	phantom-dep:codeceptjs-assert	AI (phantom-deps): Test utility; stable false positive.	ai	2026/05/26
phantom-deps	phantom-dep:vue3-scroll-border	AI (phantom-deps): Vue component peer dep; stable false positive.	ai	2026/05/26
phantom-deps	phantom-dep:@codemirror/language	AI (phantom-deps): Editor peer dep; stable false positive.	ai	2026/05/26
phantom-deps	phantom-dep:serialize-javascript	AI (phantom-deps): SSR utility; stable false positive.	ai	2026/05/26
phantom-deps	phantom-dep:@live-change/dao-vue3	AI (phantom-deps): Same-org peer dep; stable false positive.	ai	2026/05/26
phantom-deps	phantom-dep:@live-change/db-client	AI (phantom-deps): Same-org peer dep; stable false positive.	ai	2026/05/26
phantom-deps	phantom-dep:get-port-sync	AI (phantom-deps): Dev server utility; stable false positive.	ai	2026/05/26

Versions (showing 34 of 34)

Version	Deps	Published
0.9.201	58 / 7	2026-03-29
0.9.200	58 / 7	2026-03-18
0.9.199	58 / 7	2026-03-12
0.9.198	58 / 7	2026-03-09
0.9.197	58 / 7	2026-03-05
0.9.193	58 / 7	2026-02-16
0.9.190	58 / 7	2026-02-09
0.9.189	58 / 7	2026-02-06
0.9.186	58 / 7	2026-01-28
0.9.182	58 / 7	2026-01-26
0.9.164	58 / 7	2025-11-19
0.9.163	58 / 7	2025-11-16
0.9.159	58 / 7	2025-10-24
0.9.154	58 / 7	2025-09-30
0.9.152	58 / 7	2025-09-29
0.9.147	58 / 7	2025-09-28
0.9.138	58 / 7	2025-09-12
0.9.134	58 / 7	2025-09-03
0.9.130	58 / 7	2025-08-28
0.9.126	58 / 7	2025-08-18
0.9.124	58 / 7	2025-08-18
0.9.119	58 / 7	2025-08-15
0.9.111	58 / 7	2025-07-29
0.9.105	58 / 7	2025-07-05
0.9.102	58 / 7	2025-06-30
0.9.99	58 / 7	2025-06-23
0.9.98	58 / 7	2025-06-23
0.9.96	58 / 7	2025-06-10
0.9.89	58 / 7	2025-06-08
0.9.88	58 / 7	2025-06-08
0.9.82	58 / 7	2025-05-18
0.9.78	58 / 7	2025-05-12
0.9.76	58 / 7	2025-05-06
0.9.72	58 / 7	2025-04-29