← Home

@open-keystone/fields

npm Repository Homepage

KeystoneJS Field Types including Text, Password, DateTime, Integer, and more.

16
Versions
MIT
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

open-condo-software

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
provenance no-provenance AI (provenance): Publisher consistently publishes without provenance across all 31 versions; no other risk signals. ai
dependencies unvetted-dep:@open-arch-ui/lozenge AI (dependencies): First-party UI component from same publisher org; stable pattern across all versions. ai
dependencies unvetted-dep:@open-arch-ui/options AI (dependencies): First-party UI component from same publisher org; stable pattern across all versions. ai
dependencies unvetted-dep:@open-arch-ui/tooltip AI (dependencies): First-party UI component from same publisher org; stable pattern across all versions. ai
dependencies unvetted-dep:@open-arch-ui/controls AI (dependencies): First-party UI component from same publisher org; stable pattern across all versions. ai
dependencies unvetted-dep:@open-arch-ui/day-picker AI (dependencies): First-party UI component from same publisher org; stable pattern across all versions. ai
dependencies unvetted-dep:@open-arch-ui/typography AI (dependencies): First-party UI component from same publisher org; stable pattern across all versions. ai
dependencies unvetted-dep:react-toast-notifications AI (dependencies): Well-known third-party React notification library; no known malicious history. ai
dependencies unvetted-dep:@open-arch-ui/alert AI (dependencies): First-party UI component from same publisher org; stable pattern across all versions. ai
dependencies unvetted-dep:@open-arch-ui/input AI (dependencies): First-party UI component from same publisher org; stable pattern across all versions. ai
dependencies unvetted-dep:@open-arch-ui/theme AI (dependencies): First-party UI component from same publisher org; stable pattern across all versions. ai
dependencies unvetted-dep:@open-arch-ui/button AI (dependencies): First-party UI component from same publisher org; stable pattern across all versions. ai
dependencies unvetted-dep:@open-arch-ui/drawer AI (dependencies): First-party UI component from same publisher org; stable pattern across all versions. ai
dependencies unvetted-dep:@open-arch-ui/fields AI (dependencies): First-party UI component from same publisher org; stable pattern across all versions. ai
dependencies unvetted-dep:@open-arch-ui/layout AI (dependencies): First-party UI component from same publisher org; stable pattern across all versions. ai
dependencies unvetted-dep:@open-arch-ui/popout AI (dependencies): First-party UI component from same publisher org; stable pattern across all versions. ai
dependencies unvetted-dep:@open-arch-ui/select AI (dependencies): First-party UI component from same publisher org; stable pattern across all versions. ai
dependencies unvetted-dep:@open-arch-ui/filters AI (dependencies): First-party UI component from same publisher org; stable pattern across all versions. ai
dependencies unvetted-dep:@open-arch-ui/loading AI (dependencies): First-party UI component from same publisher org; stable pattern across all versions. ai
publish-pattern dormant-publish AI (publish-pattern): SLSA provenance attestation confirms CI/CD publish; no material code changes from prior approved version. ai
provenance slsa-provenance AI (provenance): Package consistently published via CI/CD with Sigstore attestation; stable signal for this package. ai
phantom-deps phantom-dep:@open-arch-ui/drawer AI (phantom-deps): Sibling UI package referenced in config; stable false positive. ai
phantom-deps phantom-dep:react-dom AI (phantom-deps): Peer dep pattern for React UI library; stable false positive for this package. ai
phantom-deps phantom-dep:react-toast-notifications AI (phantom-deps): Referenced in config files only; stable false positive for this package. ai
phantom-deps phantom-dep:@open-arch-ui/popout AI (phantom-deps): Sibling UI package referenced in config; stable false positive. ai
phantom-deps phantom-dep:image-extensions AI (phantom-deps): Used in config/build context, not a direct import; stable false positive. ai

Versions (showing 16 of 16)

Version Deps Published
25.0.19 51 / 6
25.0.18 51 / 6
25.0.17 51 / 6
25.0.16 51 / 6
25.0.15 51 / 6
25.0.14 51 / 6
25.0.12 51 / 6
25.0.10 51 / 6
25.0.9 51 / 6
25.0.6 51 / 6
25.0.5 51 / 6
25.0.4 51 / 6
25.0.3 51 / 6
25.0.2 51 / 6
25.0.1 51 / 6
25.0.0 51 / 6

v25.0.19

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v25.0.18

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v25.0.17

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v25.0.16

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v25.0.15

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v25.0.14

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v25.0.12

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v25.0.10

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v25.0.9

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v25.0.6

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v25.0.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v25.0.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v25.0.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v25.0.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v25.0.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v25.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.