← Home

@pie-element/protractor

npm Repository Homepage

Information coming soon...

4
Versions
ISC
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

ed.eustaceelodszoposlakatosandreievaneuschilleniousandreeapescarcarlacosteaiacoshoriajustinheuer

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
provenance no-provenance AI (provenance): Long-established pie-framework package; lack of provenance is consistent across all versions and not a risk indicator here. ai
publish-pattern dormant-publish AI (publish-pattern): SLSA provenance attestation and no material changes from prior version; consistent with legitimate CI/CD resumption. ai
phantom-deps phantom-dep:@emotion/react AI (phantom-deps): Peer/config-level dep for emotion CSS-in-JS; not directly imported in source is expected for this package type. ai
phantom-deps phantom-dep:@emotion/style AI (phantom-deps): Same as @emotion/react — config-level reference, stable false positive for this package. ai
phantom-deps phantom-dep:@mui/icons-material AI (phantom-deps): MUI icons used transitively/config-level; phantom-dep false positive stable for this package. ai
bogus-package bogus-package AI (bogus-package): Cosmetic signals (no README code block, no keywords) consistent with a long-lived framework component package. ai

Versions (showing 4 of 4)

Version Deps Published
8.1.1 7 / 0
8.0.1 7 / 0
8.0.0 7 / 0
6.3.3 5 / 0

v8.1.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.0.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.3.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.