← Home

@onereach/ui-components

npm

Vue components library for v3

33
Versions
Apache-2.0
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

onereach.adminonereach.user

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
dependencies unvetted-dep:@vueuse/math AI (dependencies): @vueuse/math is part of the well-known VueUse ecosystem; stable false positive for this package. ai
dependencies unvetted-dep:@splidejs/splide AI (dependencies): @splidejs/splide is a well-known carousel library; stable false positive for this package. ai
phantom-deps phantom-dep:@types/uuid AI (phantom-deps): Type-only package loaded by convention; stable false positive. ai
phantom-deps phantom-dep:@types/sortablejs AI (phantom-deps): Type-only package loaded by convention; stable false positive. ai
phantom-deps phantom-dep:tailwindcss AI (phantom-deps): Config-referenced build tool, not a runtime import; stable false positive for this UI library. ai
phantom-deps phantom-dep:@splidejs/splide AI (phantom-deps): Carousel library used in component templates; stable false positive for this UI library. ai
phantom-deps phantom-dep:@onereach/styles AI (phantom-deps): Same-org styles package, likely imported via CSS/SCSS rather than JS; stable false positive. ai
phantom-deps phantom-dep:focus-trap AI (phantom-deps): Listed as runtime dep but used indirectly via @vueuse/integrations; stable false positive. ai

Versions (showing 33 of 33)

Version Deps Published
26.13.0 50 / 8
26.12.0 50 / 8
26.11.4 50 / 8
26.11.3 50 / 8
26.11.2 50 / 8
26.11.1 50 / 8
26.11.0 50 / 8
26.10.0 50 / 8
26.9.3 50 / 8
26.9.2 50 / 8
26.9.1 50 / 8
26.9.0 50 / 8
26.8.0 50 / 8
26.7.0 50 / 8
26.6.7 50 / 8
26.6.6 50 / 8
26.6.5 50 / 8
26.6.4 50 / 8
26.6.3 50 / 8
26.6.2 50 / 8
26.6.1 50 / 8
26.6.0 50 / 8
26.5.2 50 / 8
26.5.1 50 / 8
26.5.0 50 / 8
26.4.0 50 / 8
26.3.2 50 / 8
26.3.1 50 / 8
26.3.0 50 / 8
26.2.1 50 / 8
26.2.0 50 / 8
26.1.0 50 / 8
26.0.0 50 / 8

v26.13.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v26.12.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v26.11.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v26.11.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v26.11.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v26.11.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v26.11.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v26.10.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v26.9.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v26.9.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v26.9.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v26.9.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v26.7.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v26.6.7

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v26.6.6

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v26.6.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v26.6.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v26.6.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v26.6.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v26.6.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v26.6.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v26.5.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v26.5.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v26.5.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v26.4.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v26.3.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v26.3.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v26.3.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v26.2.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v26.2.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v26.1.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v26.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.