@magic-xpa/angular
This package is part of Magic xpa Web Application Framework. It is used to easily create modern business apps powered by Angular to provide a rich user experience and meet the increasingly complex enterprise business expectations for digital transformati
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | no-provenance | AI (provenance): Provenance missing but common; low risk given package maturity and ecosystem adoption. | ai | |
| dependencies | unvetted-dep:@maskito/angular | AI (dependencies): @maskito/angular is a legitimate, widely-used input masking library; stable dependency for this package. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Commercial SDK with EULA license; sparse metadata is consistent across all versions of this package family. | ai | |
| phantom-deps | phantom-dep:@magic-xpa/angular-material-core | AI (phantom-deps): Same org scope; declared as a dependency even if not directly imported — stable false positive for this package. | ai | |
Versions (showing 4 of 4)
| Version | Deps | Published |
|---|---|---|
| 4.1202.0 | 8 / 0 | |
| 4.1201.1 | 8 / 0 | |
| 4.1201.0 | 8 / 0 | |
| 4.1200.0 | 8 / 0 | |
v4.1201.1
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.1201.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.1200.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.