@next-core/dev-dependencies
Dev dependencies for brick-next related packages
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@next-dll/d3 | AI (dependencies): Same-org sibling dep in a dev-dependencies aggregator; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@next-core/browserslist-config-next | AI (dependencies): Same-org sibling dep in a dev-dependencies aggregator; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@next-core/webpack-config-factory | AI (dependencies): Same-org sibling dep in a dev-dependencies aggregator; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@next-core/rollup-config-factory | AI (dependencies): Same-org sibling dep in a dev-dependencies aggregator; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@next-core/build-config-factory | AI (dependencies): Same-org sibling dep in a dev-dependencies aggregator; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@next-core/babel-preset-prismjs | AI (dependencies): Same-org sibling dep in a dev-dependencies aggregator; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@next-dll/editor-bricks-helper | AI (dependencies): Same-org sibling dep in a dev-dependencies aggregator; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@next-core/jest-config-factory | AI (dependencies): Same-org sibling dep in a dev-dependencies aggregator; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@next-core/eslint-config-next | AI (dependencies): Same-org sibling dep in a dev-dependencies aggregator; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@next-core/custom-antd-styles | AI (dependencies): Same-org sibling dep in a dev-dependencies aggregator; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@next-core/babel-preset-next | AI (dependencies): Same-org sibling dep in a dev-dependencies aggregator; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@next-core/build-next-libs | AI (dependencies): Same-org sibling dep in a dev-dependencies aggregator; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@next-core/brick-scripts | AI (dependencies): Same-org sibling dep in a dev-dependencies aggregator; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@next-core/brick-dll | AI (dependencies): Same-org sibling dep in a dev-dependencies aggregator; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@next-dll/react-dnd | AI (dependencies): Same-org sibling dep in a dev-dependencies aggregator; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@next-dll/echarts | AI (dependencies): Same-org sibling dep in a dev-dependencies aggregator; stable pattern across all versions. | ai | |
| dependencies | unvetted-dep:@next-dll/ace | AI (dependencies): Same-org sibling dep in a dev-dependencies aggregator; stable pattern across all versions. | ai | |
| phantom-deps | phantom-dep:@typescript-eslint/eslint-plugin | AI (phantom-deps): Dev-dependencies aggregator; tools referenced in config files by design. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): No material changes vs prior version; same-org tooling package with 1070 versions; dormancy consistent with maintenance pause not takeover. | ai | |
| phantom-deps | phantom-dep:rimraf | AI (phantom-deps): Dev-dependencies aggregator; tools referenced in config files by design. | ai | |
| phantom-deps | phantom-dep:cross-env | AI (phantom-deps): Dev-dependencies aggregator; tools referenced in config files by design. | ai | |
| phantom-deps | phantom-dep:babel-jest | AI (phantom-deps): Dev-dependencies aggregator; tools referenced in config files by design. | ai | |
| phantom-deps | phantom-dep:size-limit | AI (phantom-deps): Dev-dependencies aggregator; tools referenced in config files by design. | ai | |
| phantom-deps | phantom-dep:lint-staged | AI (phantom-deps): Dev-dependencies aggregator; tools referenced in config files by design. | ai | |
| phantom-deps | phantom-dep:concurrently | AI (phantom-deps): Dev-dependencies aggregator; tools referenced in config files by design. | ai | |
| phantom-deps | phantom-dep:pretty-format | AI (phantom-deps): Dev-dependencies aggregator; tools referenced in config files by design. | ai | |
| phantom-deps | phantom-dep:enzyme-to-json | AI (phantom-deps): Dev-dependencies aggregator; tools referenced in config files by design. | ai | |
| phantom-deps | phantom-dep:identity-obj-proxy | AI (phantom-deps): Dev-dependencies aggregator; tools referenced in config files by design. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-react | AI (phantom-deps): Dev-dependencies aggregator; tools referenced in config files by design. | ai | |
| phantom-deps | phantom-dep:jest-environment-jsdom | AI (phantom-deps): Dev-dependencies aggregator; tools referenced in config files by design. | ai | |
| phantom-deps | phantom-dep:enzyme-adapter-react-16 | AI (phantom-deps): Dev-dependencies aggregator; tools referenced in config files by design. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-react-hooks | AI (phantom-deps): Dev-dependencies aggregator; tools referenced in config files by design. | ai | |
| phantom-deps | phantom-dep:@babel/core | AI (phantom-deps): Dev-dependencies aggregator; framework-scoped package loaded by convention. | ai | |
| phantom-deps | phantom-dep:@testing-library/react | AI (phantom-deps): Dev-dependencies aggregator; framework-scoped package loaded by convention. | ai | |
| phantom-deps | phantom-dep:@testing-library/jest-dom | AI (phantom-deps): Dev-dependencies aggregator; framework-scoped package loaded by convention. | ai | |
| phantom-deps | phantom-dep:typescript | AI (phantom-deps): Dev-deps aggregator; tools are consumed via config, not direct import. | ai | |
| phantom-deps | phantom-dep:eslint | AI (phantom-deps): Dev-deps aggregator; tools are consumed via config, not direct import. | ai | |
| phantom-deps | phantom-dep:@next-dll/editor-bricks-helper | AI (phantom-deps): Same-org DLL package; consumed via config, not direct import. | ai | |
| phantom-deps | phantom-dep:@next-dll/react-dnd | AI (phantom-deps): Same-org DLL package; consumed via config, not direct import. | ai | |
| phantom-deps | phantom-dep:@next-dll/echarts | AI (phantom-deps): Same-org DLL package; consumed via config, not direct import. | ai | |
| phantom-deps | phantom-dep:@next-dll/ace | AI (phantom-deps): Same-org DLL package; consumed via config, not direct import. | ai | |
| phantom-deps | phantom-dep:@next-dll/d3 | AI (phantom-deps): Same-org DLL package; consumed via config, not direct import. | ai | |
| phantom-deps | phantom-dep:@next-core/browserslist-config-next | AI (phantom-deps): Same-org package bundled for downstream consumers; not directly imported. | ai | |
| phantom-deps | phantom-dep:@next-core/rollup-config-factory | AI (phantom-deps): Same-org package bundled for downstream consumers; not directly imported. | ai | |
| phantom-deps | phantom-dep:@next-core/babel-preset-prismjs | AI (phantom-deps): Same-org package bundled for downstream consumers; not directly imported. | ai | |
| phantom-deps | phantom-dep:@next-core/eslint-config-next | AI (phantom-deps): Same-org package bundled for downstream consumers; not directly imported. | ai | |
| phantom-deps | phantom-dep:@next-core/custom-antd-styles | AI (phantom-deps): Same-org package bundled for downstream consumers; not directly imported. | ai | |
| phantom-deps | phantom-dep:@next-core/babel-preset-next | AI (phantom-deps): Same-org package bundled for downstream consumers; not directly imported. | ai | |
| phantom-deps | phantom-dep:@next-core/build-next-libs | AI (phantom-deps): Same-org package bundled for downstream consumers; not directly imported. | ai | |
| phantom-deps | phantom-dep:@next-core/brick-scripts | AI (phantom-deps): Same-org package bundled for downstream consumers; not directly imported. | ai | |
| phantom-deps | phantom-dep:@next-core/brick-dll | AI (phantom-deps): Same-org package bundled for downstream consumers; not directly imported. | ai | |
| phantom-deps | phantom-dep:husky | AI (phantom-deps): Dev-deps aggregator; tools are consumed via config, not direct import. | ai | |
| phantom-deps | phantom-dep:jest | AI (phantom-deps): Dev-deps aggregator; tools are consumed via config, not direct import. | ai | |
| phantom-deps | phantom-dep:lerna | AI (phantom-deps): Dev-deps aggregator; tools are consumed via config, not direct import. | ai |
Versions (showing 26 of 26)
| Version | Deps | Published |
|---|---|---|
| 1.19.67 | 46 / 18 | |
| 1.19.66 | 46 / 18 | |
| 1.19.65 | 46 / 18 | |
| 1.19.64 | 46 / 18 | |
| 1.19.63 | 46 / 18 | |
| 1.19.62 | 46 / 18 | |
| 1.19.61 | 46 / 18 | |
| 1.19.60 | 46 / 18 | |
| 1.19.59 | 46 / 18 | |
| 1.19.58 | 46 / 18 | |
| 1.19.57 | 46 / 18 | |
| 1.19.55 | 46 / 18 | |
| 1.19.54 | 46 / 18 | |
| 1.19.53 | 46 / 18 | |
| 1.19.52 | 46 / 18 | |
| 1.19.48 | 46 / 18 | |
| 1.19.47 | 46 / 18 | |
| 1.19.46 | 46 / 18 | |
| 1.19.45 | 46 / 18 | |
| 1.19.43 | 46 / 18 | |
| 1.19.42 | 46 / 18 | |
| 1.19.41 | 46 / 18 | |
| 1.19.40 | 46 / 18 | |
| 1.19.39 | 46 / 18 | |
| 1.19.38 | 46 / 18 | |
| 1.19.37 | 46 / 18 |
v1.19.67
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.19.66
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.19.65
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.19.64
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.19.63
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.19.62
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.19.61
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.19.60
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.19.59
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.19.58
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.19.57
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.19.55
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.19.54
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.19.53
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.19.52
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.19.48
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.19.47
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.19.46
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.19.45
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.19.43
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.19.42
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.19.41
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.19.40
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.19.39
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.19.38
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.19.37
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.