@open-formulieren/formio-renderer No license 17 versions

@open-formulieren/formio-renderer

npm Repository Homepage

17

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

bbtmaykinmedia

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
bogus-package	bogus-package	AI (bogus-package): Specialized Form.io renderer with clear purpose; metadata gaps don't indicate malice.	ai	2026/05/29
source-diff	large-new-source-files	AI (source-diff): Major version release (0.x to 1.0.0); new files consistent with feature expansion in a UI component library.	ai	2026/05/27
publish-pattern	new-deps-added	AI (publish-pattern): @utrecht/* deps are NL Design System components; consistent with this package's purpose and org.	ai	2026/05/18
license	copyleft-license:EUPL-1.2	AI (license): Open-source project; EUPL-1.2 is intentional and disclosed.	ai	2026/05/06
dependencies	unvetted-dep:@open-formulieren/types	AI (dependencies): First-party types package from the same open-formulieren org.	ai	2026/05/01
dependencies	unvetted-dep:@utrecht/component-library-react	AI (dependencies): Part of the Utrecht Design System, a Dutch government open-source project.	ai	2026/05/01
dependencies	unvetted-dep:@utrecht/calendar-react	AI (dependencies): Part of the Utrecht Design System, a Dutch government open-source project.	ai	2026/05/01
dependencies	unvetted-dep:ibantools	AI (dependencies): Well-known IBAN validation library; no security concerns.	ai	2026/05/01
dependencies	unvetted-dep:zod-formik-adapter	AI (dependencies): Standard Zod/Formik integration adapter; no security concerns.	ai	2026/05/01
dependencies	unvetted-dep:react-signature-canvas	AI (dependencies): Established React signature pad component; no security concerns.	ai	2026/05/01
phantom-deps	phantom-dep:@babel/runtime	AI (phantom-deps): @babel/runtime is a declared runtime dep used transitively by bundled code; stable false positive for this package.	ai	2026/05/01

Versions (showing 17 of 17)

Version	Deps	Published
1.5.3	12 / 107	2026-04-28
1.5.2	12 / 107	2026-04-16
1.5.1	14 / 100	2026-04-09
1.5.0	14 / 100	2026-04-02
1.4.1	13 / 98	2026-03-30
1.4.0	13 / 98	2026-03-27
1.3.0	13 / 98	2026-03-24
1.2.0	12 / 97	2026-03-18
1.1.3	12 / 75	2026-06-04
1.1.2	12 / 75	2026-04-24
1.1.1	12 / 75	2026-03-09
1.1.0	12 / 76	2026-02-03
1.0.0	11 / 79	2025-12-31
0.14.1	10 / 74	2025-11-28
0.14.0	10 / 74	2025-11-28
0.13.0	10 / 64	2025-11-20
0.12.0	10 / 64	2025-11-07

v1.5.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.5.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.5.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.4.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.4.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.2.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.14.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.14.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.12.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.