@live-change/url-frontend
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@live-change/dao | AI (phantom-deps): Same-org dep; stable false positive for this monorepo package. | ai | |
| phantom-deps | phantom-dep:serialize-javascript | AI (phantom-deps): SSR utility dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:@live-change/dao-vue3 | AI (phantom-deps): Same-org dep; stable false positive for this monorepo package. | ai | |
| phantom-deps | phantom-dep:rollup-plugin-visualizer | AI (phantom-deps): Build tool dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:rollup-plugin-node-builtins | AI (phantom-deps): Build tool dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:codeceptjs-assert | AI (phantom-deps): Test config usage; stable for this package. | ai | |
| phantom-deps | phantom-dep:vue3-scroll-border | AI (phantom-deps): Config-file-only usage; stable for this package. | ai | |
| phantom-deps | phantom-dep:@live-change/vue3-ssr | AI (phantom-deps): Same-org dep; stable pattern. | ai | |
| phantom-deps | phantom-dep:@live-change/dao-websocket | AI (phantom-deps): Same-org dep; stable pattern. | ai | |
| phantom-deps | phantom-dep:@live-change/session-service | AI (phantom-deps): Same-org dep; stable pattern. | ai | |
| phantom-deps | phantom-dep:@live-change/vue3-components | AI (phantom-deps): Same-org dep; stable pattern. | ai | |
| phantom-deps | phantom-dep:@live-change/prosemirror-service | AI (phantom-deps): Same-org dep; stable pattern. | ai | |
| phantom-deps | phantom-dep:primevue | AI (phantom-deps): Config-file-only usage in Vite/SSR setup; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:@live-change/secret-link-service | AI (phantom-deps): Same-org dep; stable pattern. | ai | |
| phantom-deps | phantom-dep:@live-change/password-authentication-service | AI (phantom-deps): Same-org dep; stable pattern. | ai | |
| phantom-deps | phantom-dep:cross-env | AI (phantom-deps): Used in npm scripts; config-only; stable. | ai | |
| phantom-deps | phantom-dep:primeicons | AI (phantom-deps): CSS/asset dep; config-file usage; stable. | ai | |
| phantom-deps | phantom-dep:compression | AI (phantom-deps): Server middleware; config-file usage; stable. | ai | |
| phantom-deps | phantom-dep:@vueuse/core | AI (phantom-deps): Config-file-only usage; stable for this package. | ai | |
| phantom-deps | phantom-dep:serve-static | AI (phantom-deps): Server middleware; config-file usage; stable. | ai | |
| phantom-deps | phantom-dep:@live-change/secret-code-service | AI (phantom-deps): Same-org dep; stable pattern. | ai | |
| phantom-deps | phantom-dep:primeflex | AI (phantom-deps): Config-file-only usage; stable for this package. | ai | |
| phantom-deps | phantom-dep:get-port-sync | AI (phantom-deps): Config-file-only usage; stable for this package. | ai | |
| phantom-deps | phantom-dep:@live-change/cli | AI (phantom-deps): Same-org dep used in scripts; stable pattern. | ai | |
| phantom-deps | phantom-dep:v-shared-element | AI (phantom-deps): Config-file-only usage; stable for this package. | ai |
Versions (showing 26 of 26)
| Version | Deps | Published |
|---|---|---|
| 0.9.209 | 28 / 7 | |
| 0.9.208 | 28 / 7 | |
| 0.9.207 | 28 / 7 | |
| 0.9.206 | 28 / 7 | |
| 0.9.205 | 28 / 7 | |
| 0.9.204 | 28 / 7 | |
| 0.9.203 | 28 / 7 | |
| 0.9.201 | 28 / 7 | |
| 0.9.200 | 28 / 7 | |
| 0.9.199 | 28 / 7 | |
| 0.9.198 | 28 / 7 | |
| 0.9.197 | 28 / 7 | |
| 0.9.196 | 28 / 7 | |
| 0.9.195 | 28 / 7 | |
| 0.9.194 | 28 / 7 | |
| 0.9.193 | 28 / 7 | |
| 0.9.192 | 28 / 7 | |
| 0.9.191 | 28 / 7 | |
| 0.9.190 | 28 / 7 | |
| 0.9.189 | 28 / 7 | |
| 0.9.188 | 28 / 7 | |
| 0.9.187 | 28 / 7 | |
| 0.9.186 | 28 / 7 | |
| 0.9.185 | 28 / 7 | |
| 0.9.183 | 28 / 7 | |
| 0.9.180 | 28 / 7 |
v0.9.209
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.208
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.207
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.206
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.205
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.203
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.201
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.200
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.199
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.198
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.197
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.196
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.195
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.194
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.193
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.192
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.191
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.190
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.189
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.188
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.187
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.186
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.185
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.183
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.180
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.