@questpie/admin
Server-driven admin UI for QUESTPIE. Reads your server schema via introspection and generates a complete admin panel — dashboard, table views, form editors, sidebar navigation, block editor — all from the definitions you already wrote on the server.
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/factories.d.mts | AI (source-diff): Long lines are TypeScript declaration file import lists, not obfuscated code. Stable false positive for this package. | ai | |
| source-diff | obfuscated-file:dist/client-D1DqawtP.d.mts | AI (source-diff): Long-line .d.mts files are normal tsdown-bundled TypeScript declarations for a large UI library, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/client-B7r47hEd.d.mts | AI (source-diff): Bundled TypeScript declaration file (.d.mts) from tsdown; long lines are normal for generated type rollups, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/client-BcHj40mZ.d.mts | AI (source-diff): Generated TypeScript declaration file (.d.mts) with long lines from bundler output; not executable, not obfuscated. | ai | |
| phantom-deps | phantom-dep:shadcn | AI (phantom-deps): Config-referenced UI component framework; expected for this package. | ai | |
| phantom-deps | phantom-dep:sonner | AI (phantom-deps): Config-referenced toast library; stable for component libraries. | ai | |
| phantom-deps | phantom-dep:recharts | AI (phantom-deps): Config-referenced charting library; expected dependency pattern. | ai | |
| phantom-deps | phantom-dep:@fontsource-variable/dm-sans | AI (phantom-deps): Config-referenced font; stable for styling-heavy packages. | ai | |
| phantom-deps | phantom-dep:vaul | AI (phantom-deps): Config-referenced UI library; stable pattern for component libraries. | ai | |
| phantom-deps | phantom-dep:tailwindcss | AI (phantom-deps): Tailwind is used in CSS config files, not JS imports; pattern is stable for UI component packages. | ai | |
| phantom-deps | phantom-dep:@fontsource-variable/jetbrains-mono | AI (phantom-deps): CSS-only font package; no JS import expected. | ai | |
| phantom-deps | phantom-dep:@tailwindcss/vite | AI (phantom-deps): Build-time Vite plugin; config-only usage is expected for this package type. | ai | |
| phantom-deps | phantom-dep:tw-animate-css | AI (phantom-deps): CSS-only dependency; no JS import expected. | ai | |
| phantom-deps | phantom-dep:next-themes | AI (phantom-deps): Likely re-exported or used in CSS/config context; stable false positive for UI lib. | ai | |
| phantom-deps | phantom-dep:ajv | AI (phantom-deps): Referenced in config files only; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:ajv-errors | AI (phantom-deps): Config-only reference; stable false positive. | ai | |
| phantom-deps | phantom-dep:ajv-formats | AI (phantom-deps): Config-only reference; stable false positive. | ai | |
| phantom-deps | phantom-dep:react-resizable-panels | AI (phantom-deps): UI component; may be re-exported without direct import in analyzed entry. | ai | |
| phantom-deps | phantom-dep:@fontsource-variable/geist | AI (phantom-deps): CSS-only font package; no JS import expected. | ai |
Versions (showing 34 of 34)
| Version | Deps | Published |
|---|---|---|
| 3.5.2 | 46 / 8 | |
| 3.5.1 | 46 / 8 | |
| 3.5.0 | 46 / 8 | |
| 3.4.1 | 46 / 8 | |
| 3.4.0 | 46 / 8 | |
| 3.3.0 | 46 / 8 | |
| 3.2.7 | 46 / 8 | |
| 3.2.6 | 46 / 8 | |
| 3.2.5 | 46 / 8 | |
| 3.2.4 | 46 / 10 | |
| 3.2.3 | 46 / 10 | |
| 3.2.2 | 46 / 10 | |
| 3.2.1 | 46 / 10 | |
| 3.2.0 | 46 / 10 | |
| 3.1.0 | 46 / 10 | |
| 3.0.9 | 46 / 10 | |
| 3.0.8 | 46 / 10 | |
| 3.0.7 | 46 / 10 | |
| 3.0.6 | 46 / 10 | |
| 3.0.5 | 46 / 10 | |
| 3.0.4 | 46 / 10 | |
| 3.0.3 | 46 / 10 | |
| 3.0.2 | 46 / 10 | |
| 3.0.1 | 46 / 10 | |
| 3.0.0 | 46 / 9 | |
| 1.1.1 | 44 / 14 | |
| 1.1.0 | 44 / 14 | |
| 1.0.5 | 44 / 14 | |
| 1.0.4 | 44 / 14 | |
| 1.0.3 | 44 / 14 | |
| 1.0.2 | 44 / 14 | |
| 1.0.1 | 44 / 14 | |
| 1.0.0 | 44 / 15 | |
| 0.0.1 | 38 / 13 |
v3.5.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.5.1
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.5.0
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.4.1
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.4.0
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.3.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.2.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.2.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.2.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.2.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.2.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.2.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.2.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.1.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.1
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.0
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.0.5
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.0.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.0.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.0.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.0.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.0.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.