@opencor/opencor
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:js-cookie | AI (phantom-deps): js-cookie referenced in config files; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:octokit | AI (phantom-deps): Declared runtime dep; referenced in config files as expected for this package. | ai | |
| phantom-deps | phantom-dep:firebase | AI (phantom-deps): Declared runtime dep; referenced in config files as expected for this package. | ai | |
| phantom-deps | phantom-dep:quill | AI (phantom-deps): Used via config/plugin registration, not direct import; stable pattern for this Vue component library. | ai | |
| phantom-deps | phantom-dep:crypto-js | AI (phantom-deps): Utility dep used indirectly; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:jsonschema | AI (phantom-deps): Referenced in config context; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:ua-parser-js | AI (phantom-deps): Utility dep referenced in config; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:primevue | AI (phantom-deps): Vue component library; primevue referenced in config/build, not direct imports — stable FP. | ai | |
| phantom-deps | phantom-dep:@vueuse/core | AI (phantom-deps): Referenced in config files; stable FP for this package. | ai | |
| phantom-deps | phantom-dep:xxhash-wasm | AI (phantom-deps): Platform-specific binary dep; not directly imported in JS — stable FP. | ai | |
| phantom-deps | phantom-dep:primeicons | AI (phantom-deps): Icon font dep used via CSS/config, not direct JS import — stable FP. | ai | |
| phantom-deps | phantom-dep:@napi-rs/keyring | AI (phantom-deps): Native binding referenced in config; stable FP for this package. | ai | |
| phantom-deps | phantom-dep:@primeuix/themes | AI (phantom-deps): Theme package referenced in config; stable FP for this package. | ai | |
| phantom-deps | phantom-dep:@primevue/auto-import-resolver | AI (phantom-deps): Build-time resolver referenced in vite config; stable FP for this package. | ai |
Versions (showing 25 of 25)
| Version | Deps | Published |
|---|---|---|
| 0.20260604.0 | 8 / 19 | |
| 0.20260417.1 | 8 / 19 | |
| 0.20260417.0 | 8 / 19 | |
| 0.20260416.3 | 8 / 19 | |
| 0.20260416.2 | 8 / 19 | |
| 0.20260416.1 | 8 / 19 | |
| 0.20260416.0 | 8 / 19 | |
| 0.20260410.0 | 8 / 19 | |
| 0.20260319.0 | 8 / 19 | |
| 0.20260318.1 | 8 / 19 | |
| 0.20260318.0 | 8 / 18 | |
| 0.20260317.1 | 8 / 18 | |
| 0.20260314.0 | 8 / 17 | |
| 0.20260311.0 | 8 / 16 | |
| 0.20260304.2 | 8 / 16 | |
| 0.20260304.1 | 8 / 16 | |
| 0.20260304.0 | 8 / 16 | |
| 0.20260303.1 | 8 / 16 | |
| 0.20251205.2 | 10 / 13 | |
| 0.20251204.4 | 12 / 13 | |
| 0.20251204.3 | 12 / 13 | |
| 0.20251022.0 | 10 / 13 | |
| 0.20250910.0 | 9 / 16 | |
| 0.20250906.0 | 9 / 16 | |
| 0.20250827.0 | 9 / 16 |
v0.20260604.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.20260417.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.20260417.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.20260416.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.20260416.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.20260416.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.20260416.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.20260410.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.20260319.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.20260318.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.20260318.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.20260317.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.20260314.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.20260311.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.20260304.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.20260304.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.20260304.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.20260303.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.20251205.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.20251204.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.20251204.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.20251022.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.20250910.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.20250906.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.20250827.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.