@nova-design-system/nova-angular
Nova is a design system created by Elia Group to empower creators to efficiently build solutions that people love to use.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/nova-components/esm2022/lib/components/datatable.utils/flex-render/flex-render-component.mjs | AI (source-diff): Readable TanStack Table Angular integration code with base64 sourcemap; not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/nova-components/esm2022/lib/components/datatable.utils/flex-render/flex-render-component-ref.mjs | AI (source-diff): Standard Angular compiler output with inline sourcemaps; long lines are metadata/sourcemap, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/nova-components/esm2022/lib/components/datatable.utils/proxy.mjs | AI (source-diff): TanStack table proxy utility; long lines from Angular/sourcemap metadata. | ai | |
| source-diff | obfuscated-file:dist/nova-components/esm2022/lib/components/nv-datatable.component.mjs | AI (source-diff): Nova datatable component wrapping TanStack table; long lines from Angular component metadata. | ai | |
| source-diff | obfuscated-file:dist/nova-components/esm2022/lib/components/datatable.utils/lazy-signal-initializer.mjs | AI (source-diff): Proxy-based lazy initializer from TanStack query pattern; readable code, long lines from sourcemap. | ai | |
| source-diff | obfuscated-file:dist/nova-components/esm2022/lib/components/datatable.utils/index.mjs | AI (source-diff): TanStack angular-table integration barrel file; long lines from Angular metadata. | ai | |
| source-diff | obfuscated-file:dist/nova-components/esm2022/lib/components/datatable.utils/flex-render.mjs | AI (source-diff): Angular directive wrapping TanStack FlexRender; long lines from Angular metadata, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/nova-components/esm2022/lib/components/datatable.utils/flex-render/view.mjs | AI (source-diff): FlexRender view utilities from TanStack angular-table; long lines from metadata. | ai | |
| source-diff | obfuscated-file:dist/nova-components/esm2022/lib/providers/notification.service.mjs | AI (source-diff): Angular ESM2022 compiled output; long lines are normal for bundled Angular metadata, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/nova-components/esm2022/lib/providers/notification-service.component.mjs | AI (source-diff): Angular ESM2022 compiled output; long lines are normal for bundled Angular metadata, not obfuscation. | ai | |
| phantom-deps | phantom-dep:zone.js | AI (phantom-deps): Angular framework dependency loaded by convention; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:@angular/platform-browser-dynamic | AI (phantom-deps): Framework-scoped package loaded by convention; expected for Angular libraries. | ai | |
| phantom-deps | phantom-dep:@angular/platform-browser | AI (phantom-deps): Framework-scoped package loaded by convention; expected for Angular libraries. | ai | |
| phantom-deps | phantom-dep:@tanstack/angular-table | AI (phantom-deps): Config-referenced dependency; stable pattern for this design system. | ai | |
| phantom-deps | phantom-dep:@angular/animations | AI (phantom-deps): Framework-scoped package loaded by convention; expected for Angular libraries. | ai | |
| phantom-deps | phantom-dep:@angular/compiler | AI (phantom-deps): Framework-scoped package loaded by convention; expected for Angular libraries. | ai | |
| phantom-deps | phantom-dep:@angular/router | AI (phantom-deps): Framework-scoped package loaded by convention; expected for Angular libraries. | ai |
Versions (showing 33 of 33)
| Version | Deps | Published |
|---|---|---|
| 3.31.1 | 12 / 14 | |
| 3.31.0 | 12 / 14 | |
| 3.30.0 | 12 / 14 | |
| 3.29.0 | 12 / 14 | |
| 3.28.0 | 12 / 14 | |
| 3.27.0 | 12 / 14 | |
| 3.26.0 | 12 / 14 | |
| 3.25.0 | 12 / 14 | |
| 3.24.0 | 12 / 14 | |
| 3.23.0 | 12 / 14 | |
| 3.22.0 | 12 / 14 | |
| 3.21.0 | 12 / 14 | |
| 3.20.0 | 12 / 14 | |
| 3.19.0 | 12 / 14 | |
| 3.18.0 | 12 / 14 | |
| 3.17.0 | 12 / 14 | |
| 3.16.0 | 12 / 14 | |
| 3.15.0 | 11 / 14 | |
| 3.14.0 | 11 / 14 | |
| 3.13.0 | 11 / 14 | |
| 3.12.0 | 11 / 14 | |
| 3.11.0 | 11 / 14 | |
| 3.10.0 | 11 / 14 | |
| 3.9.1 | 11 / 14 | |
| 3.9.0 | 11 / 14 | |
| 3.8.0 | 11 / 14 | |
| 3.7.0 | 11 / 14 | |
| 3.6.0 | 11 / 14 | |
| 3.5.0 | 11 / 14 | |
| 3.4.0 | 11 / 14 | |
| 3.3.0 | 11 / 14 | |
| 3.2.0 | 11 / 14 | |
| 3.1.0 | 11 / 14 |
v3.31.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.31.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.29.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.28.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.27.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.26.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.25.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.24.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.23.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.22.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.21.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.20.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.19.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.18.0
11 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.17.0
11 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.16.0
11 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.15.0
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.14.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.13.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.12.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.11.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.10.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.9.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.9.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.8.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.7.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.6.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.5.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.4.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.3.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.2.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.1.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.