@postxl/ui-components — Greenflagged

PostXL UI component library - Radix UI primitives with Tailwind CSS styling

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

peter_postxlfrozen666

Keywords

postxluicomponentsreacttailwindcssradix-ui

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:use-local-storage-state	AI (phantom-deps): Config-file reference in UI component library; stable pattern.	ai	2026/05/02
dependencies	unvetted-dep:@radix-ui/react-avatar	AI (dependencies): Radix UI is a well-known, widely-trusted primitive library; stable false positive for this package.	ai	2026/04/28
dependencies	unvetted-dep:@radix-ui/react-select	AI (dependencies): Radix UI is a well-known, widely-trusted primitive library; stable false positive for this package.	ai	2026/04/28
dependencies	unvetted-dep:@radix-ui/react-hover-card	AI (dependencies): Radix UI is a well-known, widely-trusted primitive library; stable false positive for this package.	ai	2026/04/28
dependencies	unvetted-dep:use-local-storage-state	AI (dependencies): use-local-storage-state is a well-established utility with broad ecosystem usage; low risk.	ai	2026/04/28
phantom-deps	phantom-dep:@radix-ui/react-context	AI (phantom-deps): Radix UI internal sub-package; used transitively by other @radix-ui deps, not a real phantom dep concern.	ai	2026/04/28
phantom-deps	phantom-dep:@radix-ui/react-checkbox	AI (phantom-deps): Declared in package.json dependencies; likely referenced indirectly via bundled components.	ai	2026/04/28

Versions (showing 5 of 5)

Version	Deps	Published
1.8.0	44 / 26	2026-04-25
1.7.1	44 / 26	2026-04-17
1.5.3	44 / 26	2026-02-24
1.3.5	40 / 22	2026-02-02
1.0.0	40 / 22	2026-01-07