@osdk/react-components Apache-2.0 22 versions

@osdk/react-components

npm Repository Homepage

> **⚠️ Beta Release**: This package is currently in beta. Please use the latest beta version for the most up-to-date features and fixes.

22

Versions

Apache-2.0

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

sauravsanjpalantirericandersonericjeney-palantir

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
maintainer-change	maintainer-added	AI (maintainer-change): Palantir org package; new maintainer has palantir-suffixed username consistent with internal team growth.	ai	2026/05/31
dependencies	unvetted-dep:xlsx	AI (dependencies): xlsx is used for the experimental excel-viewer component; consistent with package purpose across versions.	ai	2026/05/18
phantom-deps	phantom-dep:date-fns	AI (phantom-deps): date-fns is a transitive peer of react-day-picker; phantom-dep heuristic fires as false positive here.	ai	2026/05/11
provenance	publisher-changed	AI (provenance): Palantir migrated publishing to GitHub Actions CI with SLSA attestation; stable pattern for this org.	ai	2026/05/11
phantom-deps	phantom-dep:date-fns-tz	AI (phantom-deps): Same as date-fns; used transitively via react-day-picker ecosystem.	ai	2026/05/11
source-diff	large-new-source-files	AI (source-diff): Palantir OSDK component library; large file additions reflect legitimate feature expansion, not injected code.	ai	2026/05/11
source-diff	source-size-tripled	AI (source-diff): Size increase matches 7 new well-known runtime deps added in this version.	ai	2026/05/11
npm-metadata	suspicious-initial-version	AI (npm-metadata): Palantir OSDK monorepo uses 0.0.0 as a placeholder version; not a malware signal for this publisher.	ai	2026/05/04

Versions (showing 22 of 22)

Version	Deps	Published
0.27.0	19 / 16	2026-06-05
0.26.0	19 / 16	2026-06-04
0.22.0	19 / 17	2026-05-28
0.21.0	19 / 17	2026-05-27
0.20.0	19 / 17	2026-05-27
0.19.0	19 / 17	2026-05-21
0.16.0	20 / 17	2026-05-14
0.15.0	17 / 17	2026-05-13
0.13.0	17 / 16	2026-05-08
0.12.0	16 / 16	2026-05-07
0.11.0	16 / 16	2026-05-05
0.10.0	16 / 16	2026-05-05
0.9.0	16 / 16	2026-04-29
0.8.0	16 / 16	2026-04-28
0.7.0	16 / 16	2026-04-23
0.6.0	16 / 16	2026-04-22
0.5.0	16 / 16	2026-04-21
0.4.0	16 / 16	2026-04-21
0.3.0	11 / 15	2026-04-13
0.2.0	11 / 15	2026-04-06
0.1.0	4 / 12	2026-02-18
0.0.0	0 / 8	2025-12-17

v0.27.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.26.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.22.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.21.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.20.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.19.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.16.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.15.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.12.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.11.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.10.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.9.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.0

2 findings

HIGH Publisher changed: palantir → GitHub Actions (on 2026-04-23) provenance

This version was published by a different npm account than previous versions on 2026-04-23. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.0

2 findings

HIGH Publisher changed: palantir → GitHub Actions (on 2026-04-22) provenance

This version was published by a different npm account than previous versions on 2026-04-22. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.5.0

2 findings

HIGH Publisher changed: palantir → GitHub Actions (on 2026-04-21) provenance

This version was published by a different npm account than previous versions on 2026-04-21. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.0

2 findings

HIGH Publisher changed: palantir → GitHub Actions (on 2026-04-21) provenance

This version was published by a different npm account than previous versions on 2026-04-21. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.0

2 findings

HIGH Publisher changed: palantir → sauravsanj (on 2026-04-13) provenance

This version was published by a different npm account than previous versions on 2026-04-13. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.