@live-change/task-frontend
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:vue | AI (phantom-deps): Vue is a peer/config dep in a Vue frontend package; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:primevue | AI (phantom-deps): UI library declared as config-level dep in Vue frontend scaffold. | ai | |
| phantom-deps | phantom-dep:vue-i18n | AI (phantom-deps): i18n peer dep for Vue frontend; stable false positive. | ai | |
| phantom-deps | phantom-dep:cross-env | AI (phantom-deps): Build script utility; used in npm scripts not imports. | ai | |
| phantom-deps | phantom-dep:@live-change/dao | AI (phantom-deps): Same-org peer dep; stable false positive for this monorepo package. | ai | |
| phantom-deps | phantom-dep:@live-change/dao-vue3 | AI (phantom-deps): Same-org peer dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:@live-change/db-client | AI (phantom-deps): Same-org peer dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:v-shared-element | AI (phantom-deps): Vue animation library declared as config dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:compression | AI (phantom-deps): Server middleware used in scripts, not directly imported in analyzed files. | ai | |
| phantom-deps | phantom-dep:serialize-javascript | AI (phantom-deps): SSR utility dep; stable false positive for this frontend package. | ai | |
| phantom-deps | phantom-dep:@vueuse/core | AI (phantom-deps): Vue composables peer dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:rollup-plugin-visualizer | AI (phantom-deps): Build tool dep used in vite config; stable false positive. | ai | |
| phantom-deps | phantom-dep:rollup-plugin-node-builtins | AI (phantom-deps): Build tool dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:@live-change/blog-service | AI (phantom-deps): Same-org service dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:@live-change/url-frontend | AI (phantom-deps): Same-org peer dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:@live-change/blog-frontend | AI (phantom-deps): Same-org peer dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:@live-change/dao-websocket | AI (phantom-deps): Same-org peer dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:@live-change/image-frontend | AI (phantom-deps): Same-org peer dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:@live-change/upload-frontend | AI (phantom-deps): Same-org peer dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:@live-change/wysiwyg-frontend | AI (phantom-deps): Same-org peer dep; stable false positive. | ai |
Versions (showing 51 of 55)
| Version | Deps | Published |
|---|---|---|
| 0.9.204 | 59 / 7 | |
| 0.9.198 | 59 / 7 | |
| 0.9.195 | 59 / 7 | |
| 0.9.192 | 59 / 7 | |
| 0.9.188 | 59 / 7 | |
| 0.9.182 | 59 / 7 | |
| 0.9.181 | 59 / 7 | |
| 0.9.180 | 59 / 7 | |
| 0.9.177 | 59 / 7 | |
| 0.9.176 | 59 / 7 | |
| 0.9.175 | 59 / 7 | |
| 0.9.174 | 59 / 7 | |
| 0.9.173 | 59 / 7 | |
| 0.9.171 | 59 / 7 | |
| 0.9.167 | 59 / 7 | |
| 0.9.166 | 59 / 7 | |
| 0.9.165 | 59 / 7 | |
| 0.9.164 | 59 / 7 | |
| 0.9.162 | 59 / 7 | |
| 0.9.159 | 57 / 7 | |
| 0.9.157 | 57 / 7 | |
| 0.9.154 | 57 / 7 | |
| 0.9.149 | 57 / 7 | |
| 0.9.148 | 57 / 7 | |
| 0.9.147 | 57 / 7 | |
| 0.9.145 | 57 / 7 | |
| 0.9.144 | 57 / 7 | |
| 0.9.143 | 57 / 7 | |
| 0.9.129 | 57 / 7 | |
| 0.9.127 | 57 / 7 | |
| 0.9.123 | 57 / 7 | |
| 0.9.116 | 57 / 7 | |
| 0.9.115 | 57 / 7 | |
| 0.9.113 | 57 / 7 | |
| 0.9.112 | 57 / 7 | |
| 0.9.111 | 57 / 7 | |
| 0.9.109 | 57 / 7 | |
| 0.9.108 | 57 / 7 | |
| 0.9.104 | 57 / 7 | |
| 0.9.101 | 57 / 7 | |
| 0.9.97 | 57 / 7 | |
| 0.9.95 | 57 / 7 | |
| 0.9.93 | 57 / 7 | |
| 0.9.91 | 57 / 7 | |
| 0.9.89 | 57 / 7 | |
| 0.9.87 | 57 / 7 | |
| 0.9.86 | 57 / 7 | |
| 0.9.84 | 57 / 7 | |
| 0.9.83 | 57 / 7 | |
| 0.9.82 | 57 / 7 | |
| 0.9.79 | 57 / 7 |
v0.9.198
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.195
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.192
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.188
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.182
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.181
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.180
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.177
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.176
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.175
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.174
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.173
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.171
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.167
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.166
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.165
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.164
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.162
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.159
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.157
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.154
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.149
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.148
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.147
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.145
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.144
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.143
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.129
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.127
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.123
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.116
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.115
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.113
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.112
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.111
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.109
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.108
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.104
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.101
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.97
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.95
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.93
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.91
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.89
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.87
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.86
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.84
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.83
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.82
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.79
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.