@ottocode/web-sdk — Greenflagged

Reusable React components, hooks, and utilities for building ottocode web interfaces

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

nitishxyz

Keywords

ottoclireactcomponentshookssdkweb

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	large-new-source-files	AI (source-diff): Actively developed UI SDK; incremental file additions are expected across its 119-version history.	ai	2026/06/04
source-diff	obfuscated-file:dist/components/tunnel/TunnelSidebar.js	AI (source-diff): File is readable tsc-compiled React output; long lines are normal for bundled JSX, not obfuscation.	ai	2026/05/30
publish-pattern	new-deps-added	AI (publish-pattern): New deps are established @codemirror/* packages; consistent with adding CodeMirror editor support.	ai	2026/05/26
dependencies	unvetted-dep:ghostty-web	AI (dependencies): ghostty-web is a WebAssembly terminal emulator; its use in a web SDK is plausible and no malicious signals are associated with it. Acceptable for this package.	ai	2026/04/27
dependencies	unvetted-dep:@ottocode/sdk	AI (dependencies): Sibling package in the same @ottocode monorepo, pinned to the same version. Consistent with coordinated monorepo releases by the same publisher.	ai	2026/04/26
provenance	no-provenance	AI (provenance): Young private-ecosystem package; lack of provenance is common (~88% of npm) and not a security signal for this package.	ai	2026/04/25
phantom-deps	phantom-dep:axios	AI (phantom-deps): axios is a declared runtime dependency; phantom-dep finding reflects it being referenced in config rather than directly imported — a packaging style choice, not a security issue.	ai	2026/04/25

Versions (showing 51 of 73)

View all versions

Version	Deps	Published
0.1.296	24 / 14	2026-06-03
0.1.291	23 / 14	2026-05-29
0.1.286	23 / 14	2026-05-28
0.1.285	23 / 14	2026-05-28
0.1.282	22 / 14	2026-05-27
0.1.280	22 / 14	2026-05-25
0.1.279	22 / 14	2026-05-25
0.1.274	20 / 14	2026-05-23
0.1.272	6 / 14	2026-05-21
0.1.269	6 / 14	2026-05-20
0.1.268	6 / 14	2026-05-15
0.1.263	6 / 14	2026-05-03
0.1.262	6 / 14	2026-05-02
0.1.261	6 / 14	2026-05-01
0.1.260	6 / 14	2026-04-29
0.1.259	6 / 14	2026-04-29
0.1.256	6 / 14	2026-04-27
0.1.251	6 / 14	2026-04-25
0.1.250	6 / 14	2026-04-25
0.1.249	6 / 14	2026-04-24
0.1.248	6 / 14	2026-04-24
0.1.247	6 / 14	2026-04-23
0.1.246	6 / 14	2026-04-23
0.1.245	6 / 14	2026-04-20
0.1.244	6 / 14	2026-04-20
0.1.243	6 / 14	2026-04-18
0.1.242	6 / 14	2026-04-18
0.1.237	6 / 14	2026-03-20
0.1.236	6 / 14	2026-03-19
0.1.235	6 / 14	2026-03-17
0.1.234	6 / 14	2026-03-16
0.1.233	6 / 14	2026-03-14
0.1.231	6 / 14	2026-03-13
0.1.230	6 / 14	2026-03-11
0.1.228	6 / 14	2026-03-09
0.1.227	6 / 14	2026-03-08
0.1.226	6 / 14	2026-03-06
0.1.225	6 / 14	2026-03-04
0.1.224	6 / 14	2026-03-03
0.1.222	6 / 14	2026-03-03
0.1.221	6 / 14	2026-03-01
0.1.219	6 / 14	2026-03-01
0.1.217	6 / 14	2026-03-01
0.1.210	6 / 14	2026-02-16
0.1.208	6 / 14	2026-02-16
0.1.207	6 / 14	2026-02-15
0.1.206	6 / 14	2026-02-14
0.1.205	6 / 14	2026-02-14
0.1.204	6 / 14	2026-02-14
0.1.203	6 / 14	2026-02-14
0.1.202	6 / 14	2026-02-13

v0.1.296

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.291

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.286

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.285

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.282

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.280

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.279

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.274

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.272

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.269

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.268

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.263

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.262

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.261

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.260

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.259

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.256

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.251

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.250

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.249

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.248

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.247

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.246

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.245

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.244

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.243

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.242

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.237

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.236

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.235

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.234

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.233

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.231

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.230

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.228

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.227

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.226

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.225

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.224

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.222

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.221

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.219

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.217

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.210

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.208

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.207

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.206

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.205

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.204

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.203

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.202

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.