@module-federation/treeshake-frontend No license 5 versions

@module-federation/treeshake-frontend

这是一个前端应用，用于可视化展示一个支持 Tree Shaking 的模块联邦（Module Federation）`shared` 产物打包服务所带来的收益。用户可以通过该页面，直观地对比完整 `shared` 包与经过按需保留导出后 Tree Shaken 的包之间在体积、模块数量和代码内容上的差异。

Versions

—

License

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

zackljacksonhealshawzhougioboa

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:react	AI (phantom-deps): UI component library; deps declared for consumers, not directly imported in adapter entry.	ai	2026/05/28
phantom-deps	phantom-dep:react-dom	AI (phantom-deps): Same pattern — peer dep declared for consumers of this frontend library.	ai	2026/05/28
phantom-deps	phantom-dep:zod	AI (phantom-deps): Declared for consumer use; not imported in adapter entry point.	ai	2026/05/28
phantom-deps	phantom-dep:clsx	AI (phantom-deps): Declared for consumer use; not imported in adapter entry point.	ai	2026/05/28
phantom-deps	phantom-dep:lucide-react	AI (phantom-deps): Declared for consumer use; not imported in adapter entry point.	ai	2026/05/28
dependencies	unvetted-dep:@radix-ui/react-avatar	AI (dependencies): Well-known Radix UI primitive; no security concerns.	ai	2026/05/28
dependencies	unvetted-dep:@radix-ui/react-hover-card	AI (dependencies): Well-known Radix UI primitive; no security concerns.	ai	2026/05/28

Versions (showing 5 of 5)

Version	Deps	Published
2.4.0	52 / 21	2026-04-29
2.3.3	52 / 21	2026-04-16
2.3.1	52 / 21	2026-03-31
2.2.2	52 / 21	2026-03-17
2.0.1	52 / 21	2026-02-12

v2.3.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.3.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.2.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.