@memberjunction/ng-agents
MemberJunction: Reusable Angular components for AI Agent management including permissions panel, dialog, and slideover
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@memberjunction/global | AI (phantom-deps): Same org scope; likely used transitively or via barrel imports within the @memberjunction ecosystem. | ai | |
| source-diff | obfuscated-file:dist/lib/components/create-agent-panel.component.js | AI (source-diff): Angular Ivy compiled output (ngc); long lines are template function bodies, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/lib/components/create-agent-slidein.component.js | AI (source-diff): Angular Ivy compiled output (ngc); long lines are template function bodies, not obfuscation. | ai | |
| provenance | publisher-changed | AI (provenance): Transition to GitHub Actions CI/CD with SLSA provenance attestation; legitimate automation migration. | ai | |
| source-diff | obfuscated-file:dist/lib/components/agent-permissions-dialog.component.js | AI (source-diff): Angular Ivy compiled output (ngc); long lines are template function bodies, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/lib/components/agent-permissions-panel.component.js | AI (source-diff): Angular Ivy compiled output (ngc); long lines are template function bodies, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/lib/components/agent-permissions-slideover.component.js | AI (source-diff): Angular Ivy compiled output (ngc); long lines are template function bodies, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/lib/components/create-agent-dialog.component.js | AI (source-diff): Angular Ivy compiled output (ngc); long lines are template function bodies, not obfuscation. | ai | |
| phantom-deps | phantom-dep:@angular/cdk | AI (phantom-deps): Angular CDK loaded by convention in Angular component libraries; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@memberjunction/ng-shared | AI (phantom-deps): Same-org sibling dependency; may be used indirectly via re-exports, stable false positive for this monorepo package. | ai | |
| phantom-deps | phantom-dep:tslib | AI (phantom-deps): tslib is a standard TypeScript runtime helper; implicit dependency pattern is stable for this package. | ai |
Versions (showing 51 of 53)
| Version | Deps | Published |
|---|---|---|
| 5.39.0 | 12 / 4 | |
| 5.38.0 | 12 / 4 | |
| 5.37.0 | 12 / 4 | |
| 5.36.0 | 12 / 4 | |
| 5.35.0 | 12 / 4 | |
| 5.34.1 | 12 / 4 | |
| 5.34.0 | 12 / 4 | |
| 5.33.0 | 12 / 4 | |
| 5.32.0 | 12 / 4 | |
| 5.31.0 | 12 / 4 | |
| 5.30.1 | 11 / 4 | |
| 5.30.0 | 11 / 4 | |
| 5.29.0 | 11 / 4 | |
| 5.28.0 | 11 / 4 | |
| 5.27.1 | 11 / 4 | |
| 5.27.0 | 11 / 4 | |
| 5.26.0 | 11 / 4 | |
| 5.25.0 | 11 / 4 | |
| 5.24.0 | 11 / 4 | |
| 5.23.0 | 11 / 4 | |
| 5.22.0 | 11 / 4 | |
| 5.21.0 | 11 / 4 | |
| 5.20.0 | 11 / 4 | |
| 5.19.0 | 11 / 4 | |
| 5.18.0 | 11 / 4 | |
| 5.17.0 | 11 / 4 | |
| 5.16.0 | 11 / 4 | |
| 5.15.0 | 11 / 4 | |
| 5.14.0 | 11 / 4 | |
| 5.13.0 | 11 / 4 | |
| 5.12.0 | 11 / 4 | |
| 5.11.0 | 11 / 4 | |
| 5.10.1 | 11 / 4 | |
| 5.10.0 | 11 / 4 | |
| 5.9.0 | 11 / 4 | |
| 5.8.0 | 11 / 4 | |
| 5.7.0 | 11 / 4 | |
| 5.6.0 | 11 / 4 | |
| 5.5.0 | 11 / 4 | |
| 5.4.1 | 11 / 4 | |
| 5.4.0 | 11 / 4 | |
| 5.3.1 | 11 / 4 | |
| 5.3.0 | 11 / 4 | |
| 5.2.0 | 11 / 4 | |
| 5.1.0 | 11 / 4 | |
| 5.0.0 | 11 / 4 | |
| 4.4.0 | 11 / 4 | |
| 4.3.1 | 11 / 4 | |
| 4.3.0 | 11 / 4 | |
| 4.2.0 | 11 / 3 | |
| 4.1.0 | 11 / 3 |
v5.39.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.38.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.37.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.36.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.35.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.34.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.34.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.33.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.32.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.31.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.30.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.29.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.28.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.27.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.27.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.26.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.25.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.24.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.23.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.22.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.21.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.20.0
2 findingsThis version was published by a different npm account than previous versions on 2026-03-27. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.19.0
2 findingsThis version was published by a different npm account than previous versions on 2026-03-27. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.18.0
2 findingsThis version was published by a different npm account than previous versions on 2026-03-26. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.17.0
2 findingsThis version was published by a different npm account than previous versions on 2026-03-24. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.16.0
2 findingsThis version was published by a different npm account than previous versions on 2026-03-24. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.15.0
2 findingsThis version was published by a different npm account than previous versions on 2026-03-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.14.0
2 findingsThis version was published by a different npm account than previous versions on 2026-03-20. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.13.0
2 findingsThis version was published by a different npm account than previous versions on 2026-03-17. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.12.0
2 findingsThis version was published by a different npm account than previous versions on 2026-03-16. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.11.0
2 findingsThis version was published by a different npm account than previous versions on 2026-03-12. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.10.1
2 findingsThis version was published by a different npm account than previous versions on 2026-03-11. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.10.0
2 findingsThis version was published by a different npm account than previous versions on 2026-03-10. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.9.0
2 findingsThis version was published by a different npm account than previous versions on 2026-03-08. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.8.0
2 findingsThis version was published by a different npm account than previous versions on 2026-03-06. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.7.0
2 findingsThis version was published by a different npm account than previous versions on 2026-03-04. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.6.0
2 findingsThis version was published by a different npm account than previous versions on 2026-03-03. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.5.0
2 findingsThis version was published by a different npm account than previous versions on 2026-03-02. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.4.1
2 findingsThis version was published by a different npm account than previous versions on 2026-02-27. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.4.0
2 findingsThis version was published by a different npm account than previous versions on 2026-02-27. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.3.1
2 findingsThis version was published by a different npm account than previous versions on 2026-02-24. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.3.0
2 findingsThis version was published by a different npm account than previous versions on 2026-02-24. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.2.0
2 findingsThis version was published by a different npm account than previous versions on 2026-02-20. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.1.0
2 findingsThis version was published by a different npm account than previous versions on 2026-02-18. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.0.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.4.0
2 findingsThis version was published by a different npm account than previous versions on 2026-02-12. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.3.1
2 findingsThis version was published by a different npm account than previous versions on 2026-02-12. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.3.0
2 findingsThis version was published by a different npm account than previous versions on 2026-02-12. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.2.0
2 findingsThis version was published by a different npm account than previous versions on 2026-02-10. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.1.0
8 findingsThis version was published by a different npm account than previous versions on 2026-02-09. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.