← Home

@pie-lib/graphing-solution-set

npm Repository Homepage
7
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

ed.eustacelakatosandreichilleniousandreeapescarcarlacosteaiacoshoriajustinheuer

Keywords

reactpiegraphing

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
phantom-deps phantom-dep:@visx/point AI (phantom-deps): Transitive visx dependency; common in visualization libraries. ai
phantom-deps phantom-dep:d3-scale AI (phantom-deps): Transitive/config-referenced dependency in graphing library; stable pattern. ai
phantom-deps phantom-dep:@visx/event AI (phantom-deps): Transitive visx dependency; common in visualization libraries. ai
phantom-deps phantom-dep:@visx/group AI (phantom-deps): Transitive visx dependency; common in visualization libraries. ai
phantom-deps phantom-dep:@emotion/react AI (phantom-deps): Transitive styling dependency; common in React libraries. ai
phantom-deps phantom-dep:@emotion/style AI (phantom-deps): Transitive styling dependency; common in React libraries. ai
phantom-deps phantom-dep:@pie-lib/tools AI (phantom-deps): Same-org scoped dependency; monorepo pattern. ai
phantom-deps phantom-dep:@visx/clip-path AI (phantom-deps): Transitive visx dependency; common in visualization libraries. ai
phantom-deps phantom-dep:react-draggable AI (phantom-deps): Config-referenced dependency; stable for this package. ai
phantom-deps phantom-dep:@mapbox/point-geometry AI (phantom-deps): Transitive geometry dependency; stable for this package. ai
phantom-deps phantom-dep:@pie-lib/graphing-utils AI (phantom-deps): Same-org scoped dependency; monorepo pattern. ai

Versions (showing 7 of 7)

Version Deps Published
4.0.6 35 / 0
4.0.5 35 / 0
4.0.4 35 / 0
4.0.3 35 / 0
4.0.1 35 / 0
4.0.0 35 / 0
0.1.0 38 / 0

v4.0.6

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.5

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.