@powerhousedao/document-engineering

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

acaldas.powerhousememo.devryanwolhuterprometheus-phcallme-tfroidliberuum

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:document-model	AI (phantom-deps): Config-referenced dependency; stable pattern for this package.	ai	2026/05/18
phantom-deps	phantom-dep:@radix-ui/react-visually-hidden	AI (phantom-deps): Config-referenced UI dependency; stable pattern for this package.	ai	2026/05/18
phantom-deps	phantom-dep:@radix-ui/react-dialog	AI (phantom-deps): Config-referenced UI dependency; stable pattern for this package.	ai	2026/05/18
phantom-deps	phantom-dep:@radix-ui/react-separator	AI (phantom-deps): Declared dep used in config/stories, typical for UI component library.	ai	2026/04/27
phantom-deps	phantom-dep:remark-gfm	AI (phantom-deps): Declared dep used in config/stories, typical for UI component library.	ai	2026/04/27
phantom-deps	phantom-dep:date-fns-tz	AI (phantom-deps): Declared dep used in config/stories, typical for UI component library.	ai	2026/04/27
phantom-deps	phantom-dep:react-docgen	AI (phantom-deps): Declared dep used in config/stories, typical for UI component library.	ai	2026/04/27
phantom-deps	phantom-dep:@internationalized/date	AI (phantom-deps): Declared dep used in config/stories, typical for UI component library.	ai	2026/04/27
phantom-deps	phantom-dep:@zxcvbn-ts/matcher-pwned	AI (phantom-deps): Declared dep used in config/stories, typical for UI component library.	ai	2026/04/27
dependencies	unvetted-dep:@radix-ui/react-dropdown-menu	AI (dependencies): @radix-ui/react-dropdown-menu is part of the widely-used Radix UI headless component library; no security concern.	ai	2026/04/27
dependencies	unvetted-dep:@radix-ui/react-tooltip	AI (dependencies): @radix-ui/react-tooltip is part of the widely-used Radix UI headless component library; no security concern.	ai	2026/04/27
dependencies	unvetted-dep:react-confirm	AI (dependencies): react-confirm is a legitimate, well-known React confirmation dialog library; unvetted status reflects registry gap, not actual risk.	ai	2026/04/27

Versions (showing 51 of 58)

View all versions

Version	Deps	Published
1.40.5	36 / 62	2026-05-14
1.40.4	36 / 61	2026-05-14
1.40.3	43 / 65	2026-05-06
1.40.2	43 / 65	2026-04-20
1.40.1	44 / 65	2026-01-13
1.40.0	44 / 65	2025-12-08
1.39.0	44 / 65	2025-10-15
1.38.0	45 / 67	2025-09-30
1.37.0	45 / 67	2025-09-22
1.36.0	45 / 67	2025-09-15
1.35.1	45 / 67	2025-09-15
1.35.0	45 / 67	2025-09-11
1.34.0	45 / 67	2025-08-28
1.33.0	44 / 66	2025-08-27
1.32.0	44 / 66	2025-08-25
1.31.0	44 / 66	2025-08-25
1.30.0	44 / 66	2025-08-19
1.29.0	44 / 66	2025-08-15
1.28.0	43 / 66	2025-08-12
1.27.0	42 / 66	2025-08-08
1.26.1	42 / 66	2025-08-06
1.26.0	42 / 66	2025-08-06
1.25.0	41 / 66	2025-08-04
1.24.0	40 / 65	2025-08-02
1.23.0	38 / 65	2025-07-29
1.22.0	38 / 65	2025-07-19
1.21.1	38 / 65	2025-07-15
1.21.0	38 / 65	2025-07-15
1.20.0	38 / 65	2025-07-15
1.19.0	38 / 65	2025-07-11
1.18.0	33 / 65	2025-07-08
1.17.0	33 / 65	2025-07-04
1.16.1	32 / 64	2025-07-01
1.16.0	32 / 64	2025-07-01
1.15.0	32 / 64	2025-06-27
1.14.0	32 / 64	2025-06-24
1.13.0	32 / 64	2025-06-17
1.12.0	32 / 64	2025-06-10
1.11.0	32 / 64	2025-06-05
1.10.0	32 / 64	2025-06-04
1.9.0	32 / 64	2025-06-04
1.8.1	32 / 64	2025-06-02
1.8.0	32 / 64	2025-06-02
1.7.0	32 / 53	2025-05-27
1.6.0	32 / 53	2025-05-26
1.5.0	32 / 53	2025-05-23
1.4.1	32 / 53	2025-05-22
1.4.0	32 / 53	2025-05-22
1.3.0	32 / 53	2025-05-22
1.2.2	32 / 53	2025-05-19
1.2.1	32 / 53	2025-05-19