@public-ui/mcp EUPL-1.2 18 versions

@public-ui/mcp

npm Repository Homepage

Model Context Protocol server providing AI agents access to 136+ KoliBri component examples and source code.

18

Versions

EUPL-1.2

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

m.oppitzitzbund

Keywords

mcpmodel-context-protocolkolibridesign-systemai-agentcomponent-libraryaccessibilityreacttypescript

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
typosquat	typosquat.levenshtein:yup	AI (typosquat): Scoped package @public-ui/mcp from a known German federal IT agency; Levenshtein proximity to 'yup' is coincidental and not a plausible typosquat vector.	ai	2026/04/25
phantom-deps	phantom-dep:@public-ui/components	AI (phantom-deps): Same org scope sibling package; used for bundled component examples/source content rather than direct code imports. Benign for this package.	ai	2026/04/25
dependencies	unvetted-dep:@public-ui/components	AI (dependencies): Sibling package in the same @public-ui org scope at matching version 4.1.3; expected dependency for this MCP server package.	ai	2026/04/25

Versions (showing 18 of 18)

Version	Deps	Published
4.2.1	5 / 16	2026-06-04
4.2.0	5 / 16	2026-05-29
4.1.4	5 / 16	2026-04-28
4.1.3	5 / 16	2026-04-21
4.1.2	5 / 16	2026-04-02
4.1.1	5 / 16	2026-03-09
4.1.0	5 / 16	2026-02-26
4.0.3	5 / 16	2026-02-07
4.0.2	5 / 16	2026-01-23
4.0.1	5 / 16	2026-01-15
4.0.0	5 / 16	2026-01-10
3.1.5	5 / 17	2026-04-28
3.1.4	5 / 17	2026-03-07
3.1.3	5 / 17	2026-02-26
3.1.2	5 / 17	2026-02-06
3.1.1	5 / 16	2026-01-23
3.1.0	5 / 16	2026-01-09
3.0.9	5 / 16	2025-12-18

v4.2.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.2.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.1.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.1.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.