@panneau/form ISC 35 versions

@panneau/form

npm Repository Homepage

Basic form

35

Versions

ISC

License

No

Install Scripts

Missing

Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

phatshamblerfolklore-devdmongeau

Keywords

javascript

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:lodash-es	AI (phantom-deps): lodash-es is a declared dep used via build config; stable false positive for this package.	ai	2026/05/19
phantom-deps	phantom-dep:prop-types	AI (phantom-deps): prop-types is a declared dep used via build config; stable false positive for this package.	ai	2026/05/19
publish-pattern	new-deps-added	AI (publish-pattern): lodash is a well-known utility; phantom-dep finding indicates it is not directly imported, low risk for this package.	ai	2026/05/19
phantom-deps	phantom-dep:@babel/runtime	AI (phantom-deps): Framework-scoped package loaded by convention; stable pattern for this package.	ai	2026/05/16
dependencies	unvetted-dep:@folklore/fetch	AI (dependencies): Same-org (@folklore) dependency; consistent across panneau-js monorepo packages.	ai	2026/05/07
typosquat	typosquat.levenshtein:cors	AI (typosquat): Scoped @panneau/form package from folkloreinc org; Levenshtein match to 'cors' is a false positive.	ai	2026/05/02
phantom-deps	phantom-dep:classnames	AI (phantom-deps): Declared in package.json; likely used transitively or in config; stable false positive for this package.	ai	2026/05/02
phantom-deps	phantom-dep:@panneau/element-form	AI (phantom-deps): Same-org monorepo dep; phantom detection is a false positive for this package.	ai	2026/05/02
phantom-deps	phantom-dep:@panneau/field-fields	AI (phantom-deps): Same-org monorepo dep; phantom detection is a false positive for this package.	ai	2026/05/02
phantom-deps	phantom-dep:@panneau/element-button	AI (phantom-deps): Same-org monorepo dep; phantom detection is a false positive for this package.	ai	2026/05/02
phantom-deps	phantom-dep:lodash	AI (phantom-deps): Declared in package.json; likely used transitively or in config; stable false positive for this package.	ai	2026/05/02

Versions (showing 35 of 35)

Version	Deps	Published
4.0.55	7 / 2	2026-05-27
4.0.50	7 / 2	2026-05-14
4.0.49	7 / 2	2026-05-14
4.0.48	7 / 2	2026-05-14
4.0.46	7 / 2	2026-05-14
4.0.45	7 / 2	2026-05-14
4.0.41	7 / 2	2026-05-12
4.0.39	9 / 2	2026-04-29
4.0.38	9 / 2	2026-04-29
4.0.37	9 / 2	2026-04-29
4.0.36	9 / 2	2026-04-29
4.0.34	9 / 2	2026-04-17
4.0.33	9 / 2	2026-04-14
4.0.27	9 / 2	2026-03-12
4.0.21	9 / 2	2026-03-04
4.0.20	9 / 2	2026-03-04
4.0.19	9 / 2	2026-03-03
4.0.18	9 / 2	2026-03-03
4.0.17	9 / 2	2026-03-03
4.0.15	9 / 2	2026-02-25
4.0.14	9 / 2	2026-02-25
4.0.11	10 / 2	2026-02-24
4.0.8	10 / 2	2025-11-25
4.0.7	10 / 2	2025-11-21
4.0.6	10 / 2	2025-11-21
4.0.5	10 / 2	2025-11-20
4.0.4	10 / 2	2025-11-20
4.0.2	10 / 2	2025-11-20
4.0.1	10 / 2	2025-11-20
4.0.0	10 / 2	2025-11-20
3.0.319	10 / 2	2025-12-17
3.0.317	10 / 2	2025-12-16
3.0.314	10 / 2	2025-11-24
3.0.308	10 / 2	2025-11-12
3.0.307	10 / 2	2025-11-06

v4.0.55

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.50

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.49

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.48

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.46

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.45

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.41

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.39

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.0.38

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.37

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.36

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.34

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.33

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.27

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.21

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.0.20

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.0.19

2 findings

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: dmongeau → phatshambler (on 2026-03-03, known maintainer) provenance

This version was published by a different npm account (phatshambler) than the most recent previously approved version (dmongeau) on 2026-03-03, but phatshambler is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.

v4.0.18

2 findings

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: dmongeau → phatshambler (on 2026-03-03, known maintainer) provenance

This version was published by a different npm account (phatshambler) than the most recent previously approved version (dmongeau) on 2026-03-03, but phatshambler is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.

v4.0.17

2 findings

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: dmongeau → phatshambler (on 2026-03-03, known maintainer) provenance

This version was published by a different npm account (phatshambler) than the most recent previously approved version (dmongeau) on 2026-03-03, but phatshambler is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.

v4.0.15

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.0.14

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.0.11

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.8

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.0.7

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.0.6

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.5

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.0.4

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.0.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.0.319

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.0.317

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.0.314

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.0.308

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.0.307

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.