@project44-manifest/vessel
Pre-packaged configs for Manifest Design System. Inspired by [@beemo/dev](https://github.com/beemojs/dev).
1
Versions
MIT
License
No
Install Scripts
Missing
Provenance
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
gitHead linked
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
bclark-44
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:jest | AI (phantom-deps): Tooling config package; jest is a bundled dep loaded by convention, not directly imported. | ai | |
| phantom-deps | phantom-dep:eslint | AI (phantom-deps): Tooling config package; eslint is a bundled dep referenced in config files. | ai | |
| phantom-deps | phantom-dep:prettier | AI (phantom-deps): Tooling config package; prettier is a bundled dep referenced in config files. | ai | |
| phantom-deps | phantom-dep:@babel/cli | AI (phantom-deps): Babel tooling dep loaded by convention in this shared config package. | ai | |
| phantom-deps | phantom-dep:@babel/core | AI (phantom-deps): Babel tooling dep loaded by convention in this shared config package. | ai | |
| phantom-deps | phantom-dep:@types/jest | AI (phantom-deps): Type definitions loaded by convention, not directly imported. | ai | |
| phantom-deps | phantom-dep:jest-circus | AI (phantom-deps): Jest runner loaded by config, not directly imported. | ai | |
| phantom-deps | phantom-dep:@babel/preset-env | AI (phantom-deps): Babel preset loaded by convention in shared config package. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-jest | AI (phantom-deps): ESLint plugin referenced in config files, not directly imported. | ai | |
| phantom-deps | phantom-dep:@babel/preset-react | AI (phantom-deps): Babel preset loaded by convention in shared config package. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-react | AI (phantom-deps): ESLint plugin referenced in config files, not directly imported. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-import | AI (phantom-deps): ESLint plugin referenced in config files, not directly imported. | ai | |
| phantom-deps | phantom-dep:eslint-config-prettier | AI (phantom-deps): ESLint config referenced in config files, not directly imported. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-jsx-a11y | AI (phantom-deps): ESLint plugin referenced in config files, not directly imported. | ai | |
| phantom-deps | phantom-dep:jest-environment-jsdom | AI (phantom-deps): Jest environment loaded by config, not directly imported. | ai | |
| phantom-deps | phantom-dep:@babel/preset-typescript | AI (phantom-deps): Babel preset loaded by convention in shared config package. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-react-perf | AI (phantom-deps): ESLint plugin referenced in config files, not directly imported. | ai | |
| phantom-deps | phantom-dep:@typescript-eslint/parser | AI (phantom-deps): ESLint parser referenced in config files, not directly imported. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-react-hooks | AI (phantom-deps): ESLint plugin referenced in config files, not directly imported. | ai | |
| phantom-deps | phantom-dep:babel-plugin-transform-dev | AI (phantom-deps): Babel plugin referenced in config files, not directly imported. | ai |
Versions (showing 1 of 1)
| Version | Deps | Published |
|---|---|---|
| 1.0.2 | 33 / 2 |
v1.0.2
1 finding
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.