@omicronenergy/oscd-ui

7 Versions
License
No Install Scripts
Verified Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation, npm registry signatures, gitHead linked

Maintainers

ca-djakob.birnbaumerstee-re

Keywords

OpenSCD, iec81650

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
dependencies | unvetted-dep:@omicronenergy/oscd-material-web-base | AI (dependencies): Same-org dependency replacing @material/web; consistent with package's component library purpose. | ai |
source-diff | source-size-tripled | AI (source-diff): Size increase reflects addition of Material Web component CSS-in-JS files, not injected payload. | ai |
source-diff | obfuscated-file:radio/internal/radio-styles.js | AI (source-diff): Generated CSS-in-JS from Material Web build pipeline; long lines are minified CSS template literals, not obfuscation. | ai |
source-diff | large-new-source-files | AI (source-diff): New files are Material Web component build artifacts; consistent with package's documented build process. | ai |
phantom-deps | phantom-dep:@lit/reactive-element | AI (phantom-deps): Newly added runtime dep; used by Material Web and lit ecosystem. | ai |
phantom-deps | phantom-dep:@open-wc/scoped-elements | AI (phantom-deps): Web-components utility; used in config and as transitive import. | ai |
phantom-deps | phantom-dep:@webcomponents/scoped-custom-element-registry | AI (phantom-deps): Web-components polyfill; used in config and as transitive import. | ai |
phantom-deps | phantom-dep:lit | AI (phantom-deps): Web-components library; lit is a core peer dependency used transitively. | ai |
phantom-deps | phantom-dep:tslib | AI (phantom-deps): Known implicit runtime dependency; stable for TypeScript-based packages. | ai |
phantom-deps | phantom-dep:@material/web | AI (phantom-deps): Material Web components library; used in config and as transitive import. | ai |

Versions (showing 7 of 7)

Version Deps Published
0.0.12 5 / 45
0.0.7 6 / 48
0.0.6 6 / 36
0.0.5 6 / 35
0.0.4 5 / 26
0.0.3 5 / 26
0.0.2 5 / 26

v0.0.12

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.7

2 findings
HIGH: New obfuscated file: radio/internal/radio-styles.js [source-diff]

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.6

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.5

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.4

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.3

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.2

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.