← Home

@openremote/or-rules

npm

OpenRemote rules related UI components

7
Versions
AGPL-3.0-or-later
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

openremotedeveloperwborn

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
phantom-deps phantom-dep:linqts AI (phantom-deps): Bundled UI component; deps referenced via config/indirect usage, not direct imports. ai
phantom-deps phantom-dep:moment AI (phantom-deps): Same pattern — bundled component library with indirect dep usage. ai
phantom-deps phantom-dep:shortid AI (phantom-deps): Same pattern — bundled component library with indirect dep usage. ai
phantom-deps phantom-dep:iso-639-1 AI (phantom-deps): Same pattern — bundled component library with indirect dep usage. ai
phantom-deps phantom-dep:resize-observer AI (phantom-deps): Same pattern — bundled component library with indirect dep usage. ai
phantom-deps phantom-dep:@openremote/core AI (phantom-deps): Same-org scoped dep; expected indirect usage in monorepo bundle. ai
phantom-deps phantom-dep:@openremote/rest AI (phantom-deps): Same-org scoped dep; expected indirect usage in monorepo bundle. ai
phantom-deps phantom-dep:@openremote/or-attribute-picker AI (phantom-deps): Same-org scoped dep; expected indirect usage in monorepo bundle. ai

Versions (showing 7 of 7)

Version Deps Published
1.24.1 20 / 2
1.24.0 20 / 1
1.23.1 20 / 1
1.23.0 20 / 1
1.22.1 20 / 1
1.22.0 20 / 1
1.21.0 20 / 1

v1.24.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.24.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.23.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.23.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.22.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.22.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.21.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.