@node-core/ui-components
This package is comprised of UI components for use in the Node.js website, documentation, and other aspects of the project.
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| npm-metadata | no-description | AI (npm-metadata): Scoped org package from nodejs/nodejs.org monorepo; missing description is cosmetic, not a risk signal here. | ai | |
| dependencies | unvetted-dep:@orama/ui | AI (dependencies): Legitimate search UI library used in nodejs.org; consistent with package purpose. | ai | |
| dependencies | unvetted-dep:@vcarl/remark-headings | AI (dependencies): Remark plugin by known Node.js contributor; consistent with nodejs.org docs tooling. | ai | |
| dependencies | unvetted-dep:@radix-ui/react-avatar | AI (dependencies): Radix UI primitive; widely used, consistent with UI component library. | ai | |
| dependencies | unvetted-dep:@orama/core | AI (dependencies): Orama search engine core; well-known library, consistent with package purpose. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Internal Node.js org UI library; sparse README and no keywords are expected for a scoped internal package. | ai | |
| phantom-deps | phantom-dep:@vcarl/remark-headings | AI (phantom-deps): Config-file-only reference; stable false positive for this build tooling package. | ai | |
| phantom-deps | phantom-dep:typescript | AI (phantom-deps): Build-time type checker; config-only usage is expected for this UI component package. | ai | |
| phantom-deps | phantom-dep:postcss-cli | AI (phantom-deps): CLI tool invoked via npm scripts, not imported in source; stable false positive. | ai | |
| phantom-deps | phantom-dep:postcss-calc | AI (phantom-deps): PostCSS plugin used via config, not directly imported; stable false positive. | ai | |
| phantom-deps | phantom-dep:@types/react | AI (phantom-deps): Type-only package; framework-scoped, loaded by convention. | ai | |
| phantom-deps | phantom-dep:@orama/orama | AI (phantom-deps): Referenced in config/type context; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:tailwindcss | AI (phantom-deps): CSS framework used via PostCSS config, not directly imported; stable false positive. | ai | |
| phantom-deps | phantom-dep:@tailwindcss/postcss | AI (phantom-deps): PostCSS plugin used via config, not directly imported; stable false positive. | ai | |
Versions (showing 16 of 16)
| Version | Deps | Published |
|---|---|---|
| 1.7.0 | 20 / 23 | |
| 1.6.3 | 20 / 21 | |
| 1.6.2 | 20 / 21 | |
| 1.6.1 | 20 / 21 | |
| 1.5.10 | 15 / 0 | |
| 1.5.8 | 15 / 0 | |
| 1.5.7 | 15 / 0 | |
| 1.5.6 | 15 / 0 | |
| 1.5.3 | 15 / 0 | |
| 1.5.1 | 15 / 0 | |
| 1.4.4 | 16 / 0 | |
| 1.4.3 | 16 / 0 | |
| 1.4.1 | 16 / 0 | |
| 1.3.0 | 15 / 0 | |
| 1.2.0 | 15 / 0 | |
| 1.1.0 | 15 / 0 | |
v1.7.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.3
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.2
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.1
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.5.10
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.5.8
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.5.7
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.5.6
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.5.3
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.5.1
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.4.4
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.4.3
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.4.1
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.3.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.2.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.