@lobehub/ui
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | no-provenance | AI (provenance): Established high-download package; provenance absence is consistent across all prior versions. | ai | |
| dependencies | unvetted-dep:react-layout-kit | AI (dependencies): Legitimate layout utility used by this UI library; consistent across versions. | ai | |
| dependencies | unvetted-dep:@lobehub/fluent-emoji | AI (dependencies): First-party @lobehub scoped emoji package; consistent with this library's purpose. | ai | |
| phantom-deps | phantom-dep:@floating-ui/react | AI (phantom-deps): Peer/optional dep pattern common in UI component libraries; stable false positive. | ai | |
| typosquat | typosquat.levenshtein:yup | AI (typosquat): Scoped package @lobehub/ui; Levenshtein match to yup is a false positive. | ai | |
| phantom-deps | phantom-dep:uuid | AI (phantom-deps): Large UI library; deps referenced in config/re-exports are expected not to be directly imported in source. | ai | |
| phantom-deps | phantom-dep:rc-image | AI (phantom-deps): Large UI library; config-only reference is expected pattern. | ai | |
| phantom-deps | phantom-dep:emoji-mart | AI (phantom-deps): Large UI library; config-only reference is expected pattern. | ai | |
| phantom-deps | phantom-dep:query-string | AI (phantom-deps): Large UI library; config-only reference is expected pattern. | ai | |
| typosquat | typosquat.levenshtein:uuid | AI (typosquat): Scoped package @lobehub/ui; Levenshtein match to uuid is a false positive. | ai | |
| phantom-deps | phantom-dep:remark-github | AI (phantom-deps): Large UI library; config-only reference is expected pattern. | ai | |
| phantom-deps | phantom-dep:@ant-design/cssinjs | AI (phantom-deps): Large UI library; config-only reference is expected pattern. | ai | |
| phantom-deps | phantom-dep:@radix-ui/react-slot | AI (phantom-deps): Large UI library; config-only reference is expected pattern. | ai | |
| phantom-deps | phantom-dep:react-zoom-pan-pinch | AI (phantom-deps): Large UI library; config-only reference is expected pattern. | ai | |
| phantom-deps | phantom-dep:@emotion/is-prop-valid | AI (phantom-deps): Large UI library; config-only reference is expected pattern. | ai | |
| phantom-deps | phantom-dep:@mdx-js/react | AI (phantom-deps): Large UI library; config-only reference is expected pattern. | ai | |
| typosquat | typosquat.levenshtein:pg | AI (typosquat): Scoped package @lobehub/ui; Levenshtein match to pg is a false positive. | ai | |
| typosquat | typosquat.levenshtein:qs | AI (typosquat): Scoped package @lobehub/ui; Levenshtein match to qs is a false positive. | ai | |
| typosquat | typosquat.levenshtein:joi | AI (typosquat): Scoped package @lobehub/ui; Levenshtein match to joi is a false positive. | ai |
Versions (showing 51 of 181)
| Version | Deps | Published |
|---|---|---|
| 5.15.7 | 68 / 54 | |
| 5.15.6 | 68 / 54 | |
| 5.15.5 | 68 / 54 | |
| 5.15.4 | 68 / 54 | |
| 5.15.3 | 68 / 54 | |
| 5.15.2 | 68 / 54 | |
| 5.15.1 | 68 / 54 | |
| 5.15.0 | 68 / 54 | |
| 5.14.2 | 68 / 54 | |
| 5.14.1 | 68 / 54 | |
| 5.14.0 | 68 / 54 | |
| 5.13.0 | 68 / 54 | |
| 5.12.3 | 68 / 54 | |
| 5.12.2 | 68 / 54 | |
| 5.12.1 | 68 / 54 | |
| 5.12.0 | 68 / 54 | |
| 5.11.0 | 68 / 54 | |
| 5.10.5 | 68 / 54 | |
| 5.10.4 | 68 / 54 | |
| 5.10.3 | 68 / 54 | |
| 5.10.2 | 68 / 51 | |
| 5.10.1 | 68 / 51 | |
| 5.10.0 | 68 / 51 | |
| 5.9.7 | 68 / 51 | |
| 5.9.6 | 68 / 51 | |
| 5.9.5 | 68 / 51 | |
| 5.9.4 | 68 / 51 | |
| 5.9.3 | 68 / 51 | |
| 5.9.2 | 68 / 51 | |
| 5.9.1 | 68 / 51 | |
| 5.9.0 | 68 / 51 | |
| 5.8.0 | 68 / 51 | |
| 5.7.1 | 68 / 51 | |
| 5.7.0 | 68 / 51 | |
| 5.6.5 | 68 / 51 | |
| 5.6.4 | 68 / 51 | |
| 5.6.3 | 68 / 53 | |
| 5.6.2 | 68 / 53 | |
| 5.6.1 | 68 / 53 | |
| 5.6.0 | 68 / 53 | |
| 5.5.3 | 68 / 53 | |
| 5.5.2 | 68 / 53 | |
| 5.5.1 | 68 / 53 | |
| 5.5.0 | 68 / 53 | |
| 5.4.0 | 68 / 53 | |
| 5.3.0 | 68 / 53 | |
| 5.2.2 | 68 / 53 | |
| 5.2.1 | 68 / 53 | |
| 5.2.0 | 68 / 53 | |
| 5.1.1 | 68 / 53 | |
| 5.0.1 | 68 / 53 |
v5.15.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.15.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.15.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.15.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.15.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.15.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.15.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.15.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.14.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.14.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.14.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.13.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.12.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.12.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.12.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.12.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.11.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.10.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.10.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.10.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.10.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.10.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.9.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.9.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.9.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.9.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.9.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.9.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.9.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.9.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.8.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.7.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.7.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.6.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.6.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.6.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.6.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.6.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.6.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.5.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.5.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.5.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.5.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.4.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.3.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.2.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.2.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.2.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.1.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.0.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.