@matterbridge/frontend
Matterbridge frontend application
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@mdi/js | AI (dependencies): @mdi/js is the official Material Design Icons JS package, widely used in the React ecosystem. No security concerns associated with this package. | ai | |
| dependencies | unvetted-dep:@mdi/react | AI (dependencies): @mdi/react is the official Material Design Icons React component package. Widely used, no security concerns. | ai | |
| phantom-deps | phantom-dep:notistack | AI (phantom-deps): Pre-built frontend bundle; notistack is compiled into the build output. Expected pattern for this package. | ai | |
| phantom-deps | phantom-dep:react-dom | AI (phantom-deps): Pre-built frontend bundle; react-dom is compiled into the build output. Expected pattern for this package. | ai | |
| phantom-deps | phantom-dep:@mdi/react | AI (phantom-deps): Pre-built frontend bundle; @mdi/react is compiled into the build output. Expected pattern for this package. | ai | |
| phantom-deps | phantom-dep:@rjsf/core | AI (phantom-deps): Pre-built frontend bundle; @rjsf/core is compiled into the build output. Expected pattern for this package. | ai | |
| phantom-deps | phantom-dep:@rjsf/utils | AI (phantom-deps): Pre-built frontend bundle; @rjsf/utils is compiled into the build output. Expected pattern for this package. | ai | |
| phantom-deps | phantom-dep:react | AI (phantom-deps): Pre-built frontend bundle; React and all UI deps are compiled into the build output, not directly imported in shipped source files. Expected pattern for this package. | ai | |
| phantom-deps | phantom-dep:react-router | AI (phantom-deps): Pre-built frontend bundle; react-router is compiled into the build output. Expected pattern for this package. | ai | |
| phantom-deps | phantom-dep:@emotion/react | AI (phantom-deps): Pre-built frontend bundle; @emotion/react is compiled into the build output. Expected pattern for this package. | ai | |
| phantom-deps | phantom-dep:@emotion/styled | AI (phantom-deps): Pre-built frontend bundle; @emotion/styled is compiled into the build output. Expected pattern for this package. | ai | |
| phantom-deps | phantom-dep:@mui/icons-material | AI (phantom-deps): Pre-built frontend bundle; @mui/icons-material is compiled into the build output. Expected pattern for this package. | ai | |
| phantom-deps | phantom-dep:@rjsf/validator-ajv8 | AI (phantom-deps): Pre-built frontend bundle; @rjsf/validator-ajv8 is compiled into the build output. Expected pattern for this package. | ai | |
| phantom-deps | phantom-dep:qrcode.react | AI (phantom-deps): Pre-built frontend bundle; qrcode.react is compiled into the build output. Expected pattern for this package. | ai | |
| phantom-deps | phantom-dep:@mdi/js | AI (phantom-deps): Pre-built frontend bundle; @mdi/js is compiled into the build output. Expected pattern for this package. | ai |
Versions (showing 13 of 13)
| Version | Deps | Published |
|---|---|---|
| 3.4.16 | 14 / 0 | |
| 3.4.15 | 14 / 0 | |
| 3.4.14 | 14 / 0 | |
| 3.4.13 | 14 / 0 | |
| 3.4.12 | 14 / 0 | |
| 3.4.11 | 14 / 0 | |
| 3.4.10 | 14 / 0 | |
| 3.4.9 | 14 / 0 | |
| 3.4.8 | 14 / 0 | |
| 3.4.7 | 15 / 0 | |
| 3.4.6 | 15 / 0 | |
| 3.4.5 | 15 / 0 | |
| 3.4.4 | 15 / 0 |
v3.4.16
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.4.15
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.4.14
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.4.13
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.4.12
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.4.11
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.4.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.4.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.4.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.4.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.4.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.4.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.4.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.