@luomus/laji-form — Greenflagged

React module capable of building dynamic forms from Laji form json schemas

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

olzraitimjlummemerannisblodirrpulkka

Keywords

react-jsonschema-formlaji-formluomus

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:lib/generated/api.d.ts	AI (source-diff): Auto-generated OpenAPI TypeScript declarations via openapi-typescript; long lines are expected in generated type files.	ai	2026/05/24
dependencies	unvetted-dep:react-bootstrap-5	AI (dependencies): Optional dep aliasing the well-known react-bootstrap package; stable pattern for this package.	ai	2026/05/23
phantom-deps	phantom-dep:@types/react-bootstrap	AI (phantom-deps): Type-only optional dep; phantom-dep false positive for @types/* in TypeScript projects.	ai	2026/05/08
phantom-deps	phantom-dep:@types/react	AI (phantom-deps): TypeScript type declaration package; not directly imported at runtime by convention.	ai	2026/05/08
phantom-deps	phantom-dep:@types/memoizee	AI (phantom-deps): TypeScript type declaration package; not directly imported at runtime by convention.	ai	2026/05/08
phantom-deps	phantom-dep:@types/react-dom	AI (phantom-deps): TypeScript type declaration package; not directly imported at runtime by convention.	ai	2026/05/08
phantom-deps	phantom-dep:@types/deep-equal	AI (phantom-deps): TypeScript type declaration package; not directly imported at runtime by convention.	ai	2026/05/08
phantom-deps	phantom-dep:@types/react-spinner	AI (phantom-deps): TypeScript type declaration package; not directly imported at runtime by convention.	ai	2026/05/08
semgrep	semgrep:eval-usage	AI (semgrep): eval() is guarded to only evaluate 'context' or 'formData' paths in a form template engine; legitimate use.	ai	2026/05/08
semgrep	semgrep:dynamic-require	AI (semgrep): Loads local component files from a fixed directory; not arbitrary module loading.	ai	2026/05/08

Versions (showing 51 of 54)

View all versions

Version	Deps	Published
15.1.117	26 / 26	2026-06-04
15.1.116	26 / 26	2026-06-01
15.1.115	26 / 26	2026-05-27
15.1.107	26 / 26	2026-04-13
15.1.106	26 / 26	2026-04-10
15.1.105	26 / 26	2026-04-10
15.1.104	26 / 26	2026-04-10
15.1.103	26 / 26	2026-04-09
15.1.102	26 / 25	2026-04-07
15.1.101	26 / 25	2026-03-25
15.1.100	26 / 25	2026-03-17
15.1.99	26 / 25	2026-03-13
15.1.98	26 / 25	2026-03-11
15.1.97	26 / 25	2026-03-09
15.1.96	26 / 25	2026-03-06
15.1.95	26 / 25	2026-02-27
15.1.94	32 / 25	2026-02-24
15.1.93	26 / 25	2026-02-12
15.1.92	26 / 25	2026-02-12
15.1.90	26 / 25	2026-02-10
15.1.89	26 / 25	2026-02-03
15.1.88	26 / 25	2026-01-23
15.1.87	26 / 25	2026-01-23
15.1.86	26 / 25	2026-01-23
15.1.85	26 / 25	2026-01-23
15.1.84	26 / 25	2026-01-20
15.1.83	26 / 25	2026-01-19
15.1.82	26 / 25	2026-01-16
15.1.81	26 / 25	2026-01-05
15.1.80	26 / 25	2025-12-15
15.1.79	26 / 25	2025-11-24
15.1.78	26 / 25	2025-11-24
15.1.77	26 / 25	2025-11-21
15.1.76	26 / 25	2025-11-21
15.1.75	26 / 25	2025-11-20
15.1.74	26 / 25	2025-11-14
15.1.73	26 / 25	2025-11-14
15.1.72	26 / 25	2025-11-05
15.1.70	26 / 25	2025-10-16
15.1.69	26 / 24	2025-10-08
15.1.68	26 / 25	2025-10-02
15.1.67	26 / 25	2025-09-29
15.1.60	26 / 23	2025-08-20
15.1.59	26 / 23	2025-06-26
15.1.57	26 / 22	2025-06-10
15.1.56	26 / 22	2025-06-09
15.1.54	26 / 22	2025-06-03
15.1.51	26 / 22	2025-05-21
15.1.49	26 / 22	2025-05-19
15.1.48	26 / 22	2025-05-16
15.1.46	26 / 22	2025-05-09