@oicl/openbridge-webcomponents-ng
The core library of the OpenBridge design system, implemented as Lit-based web components.
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:fesm2022/oicl-openbridge-webcomponents-ng.mjs | AI (source-diff): Standard Angular FESM2022 bundle; long lines are normal for this build format, not obfuscation. | ai | |
| source-diff | obfuscated-file:index.d.ts | AI (source-diff): TypeScript declaration file with long import lines; normal ng-packagr output, not obfuscated. | ai | |
| source-diff | source-size-tripled | AI (source-diff): Size increase reflects first full v0.1.0 Angular library build; expected for this package. | ai | |
| dependencies | unvetted-dep:@oicl/openbridge-webcomponents | AI (dependencies): Sibling package from the same org/repo; expected dependency for this Angular wrapper. | ai | |
| phantom-deps | phantom-dep:tslib | AI (phantom-deps): tslib is a standard implicit dependency for Angular/TypeScript compiled packages; not a real risk. | ai |
Versions (showing 25 of 25)
| Version | Deps | Published |
|---|---|---|
| 0.2.2 | 1 / 0 | |
| 0.2.0 | 1 / 0 | |
| 0.1.1 | 1 / 0 | |
| 0.1.0 | 1 / 0 | |
| 0.0.20260414124648 | 1 / 0 | |
| 0.0.20260411072018 | 1 / 0 | |
| 0.0.20260411070828 | 1 / 6 | |
| 0.0.20260410131921 | 1 / 6 | |
| 0.0.20260410082518 | 1 / 0 | |
| 0.0.20260410061657 | 1 / 0 | |
| 0.0.20260409094807 | 1 / 0 | |
| 0.0.20260409063909 | 1 / 0 | |
| 0.0.20260408064217 | 1 / 0 | |
| 0.0.20260408061309 | 1 / 0 | |
| 0.0.20260407101310 | 1 / 0 | |
| 0.0.20260407080359 | 1 / 0 | |
| 0.0.20260327190859 | 1 / 0 | |
| 0.0.20260327071335 | 1 / 0 | |
| 0.0.20260326144656 | 1 / 0 | |
| 0.0.20260326144449 | 1 / 0 | |
| 0.0.20260325140527 | 1 / 0 | |
| 0.0.20260325093621 | 1 / 0 | |
| 0.0.20260324133556 | 1 / 0 | |
| 0.0.20260324125033 | 1 / 0 | |
| 0.0.20260324122617 | 1 / 0 |
v0.2.2
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.0
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.1
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.0
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.20260414124648
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.20260411072018
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.20260411070828
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.20260410082518
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.20260410061657
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.20260409094807
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.20260409063909
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.20260408064217
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.20260408061309
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.20260407101310
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.20260407080359
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.20260327190859
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.20260327071335
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.20260326144656
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.20260326144449
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.20260325140527
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.20260325093621
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.20260324133556
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.20260324125033
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.20260324122617
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.