All @mastra/playground-ui versions
@mastra/playground-ui @33.0.1
Mastra Playground components
Maintainers
Keywords
Dependencies (30)
| Package | Constraint | Registry Status |
|---|---|---|
| cmdk | ^1.1.1 | auto_approved |
| shiki | ^1.29.2 | No greenflagged match |
| sonner | ^2.0.7 | auto_approved |
| zustand | ^5.0.12 | auto_approved |
| date-fns | 4.1.0 | auto_approved |
| prettier | ^3.8.3 | auto_approved |
| recharts | ^3.8.0 | auto_approved |
| remark-gfm | ^4.0.1 | auto_approved |
| easy-day-js | ^1.11.21 | auto_approved |
| use-debounce | ^10.1.0 | auto_approved |
| @base-ui/react | ^1.5.0 | auto_approved |
| react-markdown | ^9.1.0 | auto_approved |
| @codemirror/view | ^6.40.0 | auto_approved |
| @lezer/highlight | ^1.2.3 | auto_approved |
| react-day-picker | ^8.10.1 | auto_approved |
| @codemirror/merge | ^6.12.1 | auto_approved |
| @codemirror/state | ^6.6.0 | auto_approved |
| @hello-pangea/dnd | ^18.0.1 | auto_approved |
| @codemirror/search | ^6.6.0 | auto_approved |
| @codemirror/language | ^6.12.3 | auto_approved |
| @codemirror/lang-json | ^6.0.2 | auto_approved |
| @uiw/react-codemirror | ^4.25.9 | auto_approved |
| react-resizable-panels | ^4.7.3 | auto_approved |
| @tanstack/react-virtual | ^3.13.22 | auto_approved |
| @codemirror/autocomplete | ^6.20.1 | auto_approved |
| @codemirror/legacy-modes | ^6.5.2 | auto_approved |
| @codemirror/lang-markdown | ^6.5.0 | auto_approved |
| @codemirror/lang-javascript | ^6.2.5 | auto_approved |
| @uiw/codemirror-theme-dracula | ^4.25.9 | auto_approved |
| @radix-ui/react-visually-hidden | ^1.2.4 | auto_approved |
Dev Dependencies (38)
| Package | Constraint | Registry Status |
|---|---|---|
| msw | ^2.12.11 | auto_approved |
| clsx | ^2.1.1 | auto_approved |
| vite | ^7.3.1 | approved |
| jsdom | ^26.1.0 | auto_approved |
| react | ^19.2.5 | auto_approved |
| vitest | 4.1.5 | No greenflagged match |
| react-dom | ^19.2.5 | auto_approved |
| storybook | ^10.4.1 | auto_approved |
| @vitest/ui | 4.1.5 | auto_approved |
| typescript | ^6.0.3 | auto_approved |
| @types/node | 22.19.15 | auto_approved |
| tailwindcss | 4.2.2 | auto_approved |
| @mastra/core | 1.42.0 | auto_approved |
| @types/react | ^19.2.14 | auto_approved |
| @mastra/react | 0.6.0 | auto_approved |
| @internal/lint | 0.0.104 | Not imported |
| tailwind-merge | ^3.5.0 | auto_approved |
| tw-animate-css | ^1.4.0 | auto_approved |
| vite-plugin-dts | ^4.5.4 | auto_approved |
| @types/react-dom | ^19.2.3 | auto_approved |
| @mastra/client-js | ^1.24.0 | auto_approved |
| @tailwindcss/vite | 4.2.2 | auto_approved |
| @types/json-schema | ^7.0.15 | auto_approved |
| @storybook/addon-mcp | ^0.6.0 | Not imported |
| @tailwindcss/postcss | ^4.2.2 | auto_approved |
| @vitejs/plugin-react | ^5.2.0 | auto_approved |
| @storybook/addon-a11y | ^10.4.1 | auto_approved |
| @storybook/addon-docs | ^10.4.1 | auto_approved |
| @storybook/react-vite | ^10.4.1 | auto_approved |
| @tanstack/react-query | ^5.90.21 | auto_approved |
| @testing-library/react | ^16.3.2 | auto_approved |
| @tailwindcss/typography | ^0.5.19 | auto_approved |
| eslint-plugin-storybook | ^10.4.2 | auto_approved |
| class-variance-authority | ^0.7.1 | auto_approved |
| eslint-plugin-react-hooks | ^7.1.1 | auto_approved |
| vite-plugin-lib-inject-css | ^2.2.2 | auto_approved |
| eslint-plugin-react-refresh | ^0.5.2 | auto_approved |
| rollup-plugin-node-externals | ^8.1.2 | auto_approved |
Transitive Dependency Tree
Changes from v33.0.0
Dependency Changes
| Change | Package | Version |
|---|---|---|
| added | easy-day-js | ^1.11.21 |
File Changes
Risk Dispositions (1 applicable to this version, 0 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
| Rule | Source | Disposition | Author | Reason | |
|---|---|---|---|---|---|
regressed-provenance |
provenance | reject | AI | AI (provenance): Package consistently published via CI with attestations; manual publish without provenance is anomalous and high-risk. |
SAST Findings (2)
This version was published without provenance, but prior versions were published via CI/CD with attestations. This is a strong signal of a potential account compromise or unauthorized publish. The axios attack (March 2026) exhibited exactly this pattern.
This version was published by a different npm account (ehindero) than the most recent previously approved version (GitHub Actions) on 2026-06-17, but ehindero is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
Review Summary
Risk score: 48. Findings: 1 high (+25), 2 medium (+20), 1 low (+3), 3 info (+0).
Published to npm: