← Home

@mui/internal-test-utils

npm Repository Homepage

Utilities for MUI tests. This is an internal package not meant for general use.

9
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

janpotomsmichaldudakmnajdovadiegoandaibrijeshb42siriwatknpmj12albertaarongarciahdav-isoliviertassinari

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
provenance slsa-provenance AI (provenance): MUI uses GitHub Actions CI/CD for releases; SLSA provenance is expected for this package. ai
bogus-package bogus-package AI (bogus-package): Internal test utility; sparse README and no keywords are expected for an internal-use package. ai
phantom-deps phantom-dep:lodash AI (phantom-deps): lodash is a declared runtime dep used in test utilities; phantom-dep heuristic is a false positive here. ai
phantom-deps phantom-dep:@babel/runtime AI (phantom-deps): Framework-scoped package loaded by convention in Babel-compiled output; stable false positive. ai

Versions (showing 9 of 9)

Version Deps Published
2.0.16 14 / 0
2.0.15 17 / 9
2.0.14 17 / 9
2.0.13 18 / 9
2.0.12 18 / 9
2.0.11 18 / 9
2.0.10 19 / 8
2.0.9 19 / 8
2.0.8 20 / 8

v2.0.16

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.15

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.14

2 findings
HIGH Publisher changed: siriwatknp → GitHub Actions (on 2025-10-01) provenance

This version was published by a different npm account than previous versions on 2025-10-01. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.13

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.12

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.11

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.0.10

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.0.9

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.0.8

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.