@masterteam/components
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:fesm2022/masterteam-components-treeselect-field.mjs | AI (source-diff): Angular FESM2022 bundle output; long lines are standard minified ESM, not obfuscation. Stable pattern for this package. | ai | |
| provenance | missing-githead | AI (provenance): High-frequency publisher with clean history; missing gitHead is a CI config change, not a malware signal for this package. | ai | |
| dependencies | unvetted-peer-dep:primeng | AI (dependencies): Stable peer dep for UI components; consistent across versions. | ai | |
| dependencies | unvetted-peer-dep:quill | AI (dependencies): Stable peer dep for editor functionality; consistent across versions. | ai | |
| dependencies | unvetted-peer-dep:@jsverse/transloco | AI (dependencies): Stable peer dep for i18n; consistent across versions. | ai | |
| dependencies | unvetted-peer-dep:ngx-quill | AI (dependencies): Stable peer dep for editor functionality; consistent across versions. | ai | |
| source-diff | obfuscated-file:fesm2022/masterteam-components-property-filter-builder.mjs | AI (source-diff): Standard Angular FESM2022 bundle output; long lines are normal for this build format. | ai | |
| source-diff | obfuscated-file:fesm2022/masterteam-components-business-fields.mjs | AI (source-diff): Standard Angular FESM2022 bundle output; long lines are normal for this build format. | ai | |
| source-diff | obfuscated-file:fesm2022/masterteam-components-entities.mjs | AI (source-diff): Standard Angular FESM2022 bundle output; long lines are normal for this build format. | ai | |
| source-diff | large-new-source-files | AI (source-diff): New files are new component entry-points matching package.json exports; expected growth for a component library. | ai | |
| source-diff | obfuscated-file:fesm2022/masterteam-components-table.mjs | AI (source-diff): Standard Angular FESM2022 bundle; long lines from inlined templates, not obfuscation. | ai | |
| source-diff | obfuscated-file:fesm2022/masterteam-components-editor-field.mjs | AI (source-diff): Standard Angular FESM2022 bundle; long lines from inlined templates, not obfuscation. | ai | |
| source-diff | obfuscated-file:fesm2022/masterteam-components-formula-builder.mjs | AI (source-diff): Standard Angular FESM2022 bundle; long lines from inlined templates, not obfuscation. | ai | |
| source-diff | obfuscated-file:fesm2022/masterteam-components-paginator.mjs | AI (source-diff): Standard Angular FESM2022 bundle; long lines from inlined templates, not obfuscation. | ai | |
| source-diff | obfuscated-file:fesm2022/masterteam-components-radio-button-field.mjs | AI (source-diff): Standard Angular FESM2022 bundle; long lines from inlined templates, not obfuscation. | ai | |
| source-diff | obfuscated-file:fesm2022/masterteam-components-radio-cards.mjs | AI (source-diff): Standard Angular FESM2022 bundle; long lines from inlined templates, not obfuscation. | ai | |
| source-diff | obfuscated-file:fesm2022/masterteam-components-toggle-field.mjs | AI (source-diff): Standard Angular FESM2022 bundle; long lines from inlined templates, not obfuscation. | ai | |
| source-diff | obfuscated-file:fesm2022/masterteam-components-location-field.mjs | AI (source-diff): Angular FESM2022 bundle; long lines are normal for this build format, not obfuscation. | ai | |
| dependencies | unvetted-dep:xlsx | AI (dependencies): xlsx is expected for a components library with table/spreadsheet export features; stable usage pattern across versions. | ai | |
| source-diff | obfuscated-file:fesm2022/masterteam-components-button.mjs | AI (source-diff): Standard Angular FESM2022 build output; long lines are from inlined component metadata, not obfuscation. | ai | |
| source-diff | obfuscated-file:fesm2022/masterteam-components-client-page.mjs | AI (source-diff): Angular FESM2022 bundle produced by ng-packagr; long lines are compiled template/metadata, not obfuscation. Consistent with all other component bundles in this library. | ai | |
| provenance | no-provenance | AI (provenance): Established Angular component library with 153 versions; lack of Sigstore provenance is a process gap, not a security indicator for this package. | ai | |
| phantom-deps | phantom-dep:tslib | AI (phantom-deps): tslib is a standard Angular library runtime dependency; phantom-dep finding is a false positive for Angular component libraries. | ai |
Versions (showing 51 of 88)
| Version | Deps | Published |
|---|---|---|
| 0.0.182 | 2 / 0 | |
| 0.0.175 | 2 / 0 | |
| 0.0.162 | 2 / 0 | |
| 0.0.160 | 2 / 0 | |
| 0.0.154 | 2 / 0 | |
| 0.0.141 | 1 / 0 | |
| 0.0.140 | 1 / 0 | |
| 0.0.139 | 1 / 0 | |
| 0.0.138 | 1 / 0 | |
| 0.0.137 | 1 / 0 | |
| 0.0.136 | 1 / 0 | |
| 0.0.135 | 1 / 0 | |
| 0.0.134 | 1 / 0 | |
| 0.0.133 | 1 / 0 | |
| 0.0.132 | 1 / 0 | |
| 0.0.131 | 1 / 0 | |
| 0.0.130 | 1 / 0 | |
| 0.0.129 | 1 / 0 | |
| 0.0.128 | 1 / 0 | |
| 0.0.127 | 1 / 0 | |
| 0.0.126 | 1 / 0 | |
| 0.0.125 | 1 / 0 | |
| 0.0.124 | 1 / 0 | |
| 0.0.123 | 1 / 0 | |
| 0.0.122 | 1 / 0 | |
| 0.0.121 | 1 / 0 | |
| 0.0.120 | 1 / 0 | |
| 0.0.119 | 1 / 0 | |
| 0.0.118 | 1 / 0 | |
| 0.0.117 | 1 / 0 | |
| 0.0.116 | 1 / 0 | |
| 0.0.115 | 1 / 0 | |
| 0.0.114 | 1 / 0 | |
| 0.0.113 | 1 / 0 | |
| 0.0.112 | 1 / 0 | |
| 0.0.111 | 1 / 0 | |
| 0.0.110 | 1 / 0 | |
| 0.0.109 | 1 / 0 | |
| 0.0.107 | 1 / 0 | |
| 0.0.106 | 1 / 0 | |
| 0.0.105 | 1 / 0 | |
| 0.0.104 | 1 / 0 | |
| 0.0.103 | 1 / 0 | |
| 0.0.102 | 1 / 0 | |
| 0.0.101 | 1 / 0 | |
| 0.0.100 | 1 / 0 | |
| 0.0.99 | 1 / 0 | |
| 0.0.98 | 1 / 0 | |
| 0.0.97 | 1 / 0 | |
| 0.0.95 | 1 / 0 | |
| 0.0.94 | 1 / 0 |
v0.0.182
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.175
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.162
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.154
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.141
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: aw_masterteam.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.140
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: aw_masterteam.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.139
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: aw_masterteam.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.138
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: aw_masterteam.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.137
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: aw_masterteam.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.136
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: aw_masterteam.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.135
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: aw_masterteam.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.134
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: aw_masterteam.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.133
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: aw_masterteam.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.132
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: aw_masterteam.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.131
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: aw_masterteam.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.130
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: aw_masterteam.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.129
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: aw_masterteam.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.128
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.127
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: aw_masterteam.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.126
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: aw_masterteam.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.125
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: aw_masterteam.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.124
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: aw_masterteam.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.123
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: aw_masterteam.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.122
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: aw_masterteam.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.121
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.120
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: aw_masterteam.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.119
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: aw_masterteam.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.118
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.117
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.116
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.115
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.114
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.113
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.112
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.111
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.110
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.109
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.107
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.106
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.105
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.104
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.103
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.102
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.101
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.100
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.99
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.98
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.97
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.95
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.94
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.