@mercurjs/admin
5
Versions
—
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
gitHead linked
Maintainers
mercurjs
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | large-new-source-files | AI (source-diff): Admin UI bundle; large dist files are expected for React dashboard packages in this ecosystem. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Established package with 91 versions and SLSA provenance; missing description is cosmetic, not a malware signal. | ai | |
| phantom-deps | phantom-dep:@medusajs/dashboard | AI (phantom-deps): Referenced in config files; standard medusajs admin integration pattern. | ai | |
| phantom-deps | phantom-dep:i18next-http-backend | AI (phantom-deps): i18n config-referenced dep; stable false positive for this UI package. | ai | |
| phantom-deps | phantom-dep:@medusajs/admin-shared | AI (phantom-deps): Config-referenced medusajs shared dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:qs | AI (phantom-deps): Config-referenced dep in a bundled UI package; stable false positive. | ai | |
| phantom-deps | phantom-dep:@mercurjs/dashboard-shared | AI (phantom-deps): Same-org monorepo dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:i18next-browser-languagedetector | AI (phantom-deps): i18n config-referenced dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:@radix-ui/react-dismissable-layer | AI (phantom-deps): Config-referenced UI dep; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@radix-ui/react-dialog | AI (phantom-deps): Config-referenced UI dep; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@babel/runtime | AI (phantom-deps): Framework-scoped transitive dep; stable false positive for this package. | ai |
Versions (showing 5 of 5)
| Version | Deps | Published |
|---|---|---|
| 2.1.2 | 39 / 9 | |
| 2.1.1 | 39 / 9 | |
| 2.1.0 | 39 / 9 | |
| 2.0.2 | 39 / 9 | |
| 2.0.1 | 39 / 9 |
v2.1.2
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.1.0
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.0.2
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.0.1
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.