← Home

@openremote/or-app

npm

OpenRemote app template

35
Versions
AGPL-3.0-or-later
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

openremotedeveloperwborn

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
phantom-deps phantom-dep:@openremote/or-services AI (phantom-deps): Same-org monorepo sibling; app-shell re-export pattern. ai
phantom-deps phantom-dep:@openremote/or-timeline AI (phantom-deps): Same-org monorepo re-export pattern; stable across versions. ai
phantom-deps phantom-dep:@openremote/or-attribute-picker AI (phantom-deps): Same-org monorepo re-export pattern; stable across versions. ai
phantom-deps phantom-dep:@openremote/or-dashboard-builder AI (phantom-deps): Same-org monorepo re-export pattern; stable across versions. ai
phantom-deps phantom-dep:moment AI (phantom-deps): Declared runtime dep used transitively; phantom-dep heuristic false positive for this app-template. ai
phantom-deps phantom-dep:@lit/task AI (phantom-deps): Declared runtime dep; phantom-dep heuristic false positive for this app-template. ai
phantom-deps phantom-dep:@openremote/rest AI (phantom-deps): Same-org monorepo re-export pattern; stable across versions. ai
phantom-deps phantom-dep:@openremote/or-map AI (phantom-deps): Same-org monorepo re-export pattern; stable across versions. ai
phantom-deps phantom-dep:@openremote/or-chart AI (phantom-deps): Same-org monorepo re-export pattern; stable across versions. ai
phantom-deps phantom-dep:@openremote/or-gauge AI (phantom-deps): Same-org monorepo re-export pattern; stable across versions. ai
phantom-deps phantom-dep:@openremote/or-rules AI (phantom-deps): Same-org monorepo re-export pattern; stable across versions. ai
phantom-deps phantom-dep:@openremote/or-asset-tree AI (phantom-deps): Same-org monorepo re-export pattern; stable across versions. ai
phantom-deps phantom-dep:@openremote/or-asset-viewer AI (phantom-deps): Same-org monorepo re-export pattern; stable across versions. ai
phantom-deps phantom-dep:@openremote/or-smart-notify AI (phantom-deps): Same-org monorepo re-export pattern; stable across versions. ai
phantom-deps phantom-dep:@openremote/or-attribute-input AI (phantom-deps): Same-org monorepo re-export pattern; stable across versions. ai
dependencies unvetted-dep:pwa-helpers AI (dependencies): pwa-helpers is a well-known Polymer/PWA utility; stable dependency across many OpenRemote versions. ai
phantom-deps phantom-dep:@webcomponents/webcomponentsjs AI (phantom-deps): Referenced in config/bundler files; stable false positive for this package. ai
phantom-deps phantom-dep:pwa-helpers AI (phantom-deps): Referenced in config/bundler files; stable false positive for this package. ai
bogus-package bogus-package AI (bogus-package): Established OpenRemote monorepo package; sparse metadata is a monorepo artifact, not spam. ai

Versions (showing 35 of 35)

Version Deps Published
1.24.1 10 / 1
1.24.0 10 / 1
1.23.1 10 / 1
1.22.1 10 / 1
1.22.0 10 / 1
1.21.0 10 / 1
1.20.2 10 / 1
1.20.1 10 / 1
1.20.0 10 / 1
1.19.0 10 / 1
1.18.0 10 / 1
1.17.3 10 / 1
1.17.2 10 / 1
1.17.1 10 / 1
1.17.0 10 / 1
1.16.1 10 / 1
1.15.2 10 / 1
1.15.1 10 / 1
1.14.0 10 / 1
1.13.1 10 / 1
1.13.0 10 / 1
1.12.3 10 / 1
1.12.1 10 / 1
1.12.0 10 / 1
1.11.3 10 / 1
1.11.2 10 / 1
1.11.1 10 / 1
1.11.0 10 / 1
1.10.0 22 / 1
1.9.0 22 / 1
1.8.0 21 / 1
1.7.0 21 / 1
1.6.5 21 / 1
1.6.3 21 / 1
1.6.0 21 / 1

v1.24.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.24.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.23.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.22.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.22.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.21.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.20.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.20.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.20.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.19.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.18.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.17.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.17.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.17.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.17.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.16.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.15.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.15.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.14.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.13.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.13.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.12.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.12.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.12.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.11.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.11.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.11.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.11.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.10.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.9.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.8.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.7.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.6.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.6.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.6.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.