@meshagent/meshagent-tailwind
Meshagent Tailwind Components
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@meshagent/meshagent-agents | AI (dependencies): First-party sibling package from the same @meshagent org; stable across versions. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Legitimate UI component library; README link dump heuristic is a false positive here. | ai | |
| phantom-deps | phantom-dep:esbuild-plugin-alias | AI (phantom-deps): Used in build.js config; phantom-dep heuristic false positive for this package. | ai | |
| phantom-deps | phantom-dep:yjs | AI (phantom-deps): Declared as runtime dep for collaborative features; phantom-dep heuristic false positive for this UI library. | ai | |
| phantom-deps | phantom-dep:@radix-ui/react-checkbox | AI (phantom-deps): Declared runtime dep for UI components; phantom-dep heuristic false positive. | ai | |
| phantom-deps | phantom-dep:@radix-ui/react-icons | AI (phantom-deps): Declared runtime dep for UI components; phantom-dep heuristic false positive. | ai | |
| phantom-deps | phantom-dep:base-64 | AI (phantom-deps): Declared runtime dep; phantom-dep heuristic false positive for this package. | ai |
Versions (showing 29 of 29)
| Version | Deps | Published |
|---|---|---|
| 0.44.7 | 33 / 27 | |
| 0.44.6 | 33 / 27 | |
| 0.44.5 | 33 / 27 | |
| 0.44.4 | 33 / 27 | |
| 0.44.3 | 33 / 27 | |
| 0.44.2 | 33 / 27 | |
| 0.44.1 | 33 / 27 | |
| 0.44.0 | 33 / 27 | |
| 0.43.3 | 33 / 27 | |
| 0.43.2 | 33 / 23 | |
| 0.43.1 | 33 / 23 | |
| 0.43.0 | 33 / 23 | |
| 0.42.2 | 33 / 23 | |
| 0.42.0 | 33 / 23 | |
| 0.41.9 | 33 / 23 | |
| 0.41.7 | 33 / 23 | |
| 0.41.6 | 33 / 23 | |
| 0.41.5 | 33 / 23 | |
| 0.39.9 | 28 / 22 | |
| 0.39.3 | 28 / 22 | |
| 0.35.6 | 28 / 22 | |
| 0.29.1 | 28 / 22 | |
| 0.28.11 | 28 / 22 | |
| 0.28.3 | 28 / 22 | |
| 0.28.1 | 28 / 22 | |
| 0.28.0 | 28 / 22 | |
| 0.20.1 | 28 / 22 | |
| 0.19.1 | 28 / 22 | |
| 0.6.0 | 28 / 22 |
v0.44.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.44.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.44.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.44.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.44.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.44.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.44.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.44.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.43.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.43.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.43.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.43.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.42.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.42.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.41.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.41.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.41.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.41.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.39.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.35.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.29.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.28.11
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.28.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.20.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.19.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.6.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.