@redhat-cloud-services/frontend-components-config
Config plugins and settings for RedHat Cloud Services project.
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:git-revision-webpack-plugin | AI (dependencies): Legitimate webpack plugin dependency; stable for this build-config package. | ai | |
| dependencies | unvetted-dep:@redhat-cloud-services/tsc-transform-imports | AI (dependencies): Same RedHat org scope; expected internal dependency for this package. | ai | |
| phantom-deps | phantom-dep:@redhat-cloud-services/tsc-transform-imports | AI (phantom-deps): Same-org dep; phantom-dep heuristic false positive. | ai | |
| phantom-deps | phantom-dep:chalk | AI (phantom-deps): Webpack toolchain peer-dep; re-exported rather than directly imported by this config package. | ai | |
| phantom-deps | phantom-dep:lodash | AI (phantom-deps): Webpack toolchain peer-dep; re-exported rather than directly imported by this config package. | ai | |
| phantom-deps | phantom-dep:process | AI (phantom-deps): Webpack toolchain peer-dep; re-exported rather than directly imported by this config package. | ai | |
| phantom-deps | phantom-dep:@swc/core | AI (phantom-deps): Webpack toolchain peer-dep; re-exported rather than directly imported by this config package. | ai | |
| phantom-deps | phantom-dep:ts-loader | AI (phantom-deps): Webpack toolchain peer-dep; re-exported rather than directly imported by this config package. | ai | |
| phantom-deps | phantom-dep:css-loader | AI (phantom-deps): Webpack toolchain peer-dep; re-exported rather than directly imported by this config package. | ai | |
| phantom-deps | phantom-dep:swc-loader | AI (phantom-deps): Webpack toolchain peer-dep; re-exported rather than directly imported by this config package. | ai | |
| phantom-deps | phantom-dep:http-server | AI (phantom-deps): Webpack toolchain peer-dep; re-exported rather than directly imported by this config package. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): Build-script CLI tool; child_process use is expected for running webpack/build commands. | ai | |
| phantom-deps | phantom-dep:webpack-cli | AI (phantom-deps): Webpack toolchain peer-dep; re-exported rather than directly imported by this config package. | ai | |
| phantom-deps | phantom-dep:react-refresh | AI (phantom-deps): Webpack toolchain peer-dep; re-exported rather than directly imported by this config package. | ai | |
| phantom-deps | phantom-dep:https-proxy-agent | AI (phantom-deps): Webpack toolchain peer-dep; re-exported rather than directly imported by this config package. | ai | |
| phantom-deps | phantom-dep:source-map-loader | AI (phantom-deps): Webpack toolchain peer-dep; re-exported rather than directly imported by this config package. | ai | |
| phantom-deps | phantom-dep:html-webpack-plugin | AI (phantom-deps): Webpack toolchain peer-dep; re-exported rather than directly imported by this config package. | ai | |
| phantom-deps | phantom-dep:git-revision-webpack-plugin | AI (phantom-deps): Webpack toolchain peer-dep; re-exported rather than directly imported by this config package. | ai | |
| phantom-deps | phantom-dep:html-replace-webpack-plugin | AI (phantom-deps): Webpack toolchain peer-dep; re-exported rather than directly imported by this config package. | ai | |
| phantom-deps | phantom-dep:jws | AI (phantom-deps): Webpack toolchain peer-dep; re-exported rather than directly imported by this config package. | ai | |
| phantom-deps | phantom-dep:sass-loader | AI (phantom-deps): Webpack toolchain peer-dep; re-exported rather than directly imported by this config package. | ai | |
| semgrep | semgrep:dynamic-require | AI (semgrep): Loads user-supplied fec.config.js at runtime — documented and expected behavior for this config tool. | ai | |
| phantom-deps | phantom-dep:sass | AI (phantom-deps): Webpack toolchain peer-dep; re-exported rather than directly imported by this config package. | ai |
Versions (showing 67 of 67)
| Version | Deps | Published |
|---|---|---|
| 6.11.2 | 44 / 2 | |
| 6.11.1 | 44 / 2 | |
| 6.11.0 | 44 / 2 | |
| 6.10.3 | 44 / 2 | |
| 6.10.2 | 44 / 2 | |
| 6.10.1 | 44 / 2 | |
| 6.10.0 | 44 / 2 | |
| 6.9.1 | 44 / 2 | |
| 6.9.0 | 44 / 2 | |
| 6.8.3 | 43 / 2 | |
| 6.8.2 | 43 / 2 | |
| 6.8.0 | 43 / 2 | |
| 6.7.54 | 42 / 2 | |
| 6.7.53 | 42 / 2 | |
| 6.7.52 | 42 / 2 | |
| 6.7.51 | 42 / 2 | |
| 6.7.50 | 42 / 2 | |
| 6.7.49 | 42 / 2 | |
| 6.7.48 | 42 / 2 | |
| 6.7.46 | 42 / 2 | |
| 6.7.45 | 42 / 2 | |
| 6.7.44 | 42 / 2 | |
| 6.7.43 | 42 / 2 | |
| 6.7.42 | 42 / 2 | |
| 6.7.41 | 42 / 2 | |
| 6.7.40 | 42 / 2 | |
| 6.7.39 | 42 / 2 | |
| 6.7.38 | 42 / 2 | |
| 6.7.37 | 42 / 2 | |
| 6.7.36 | 42 / 2 | |
| 6.7.34 | 42 / 2 | |
| 6.7.33 | 42 / 2 | |
| 6.7.32 | 42 / 2 | |
| 6.7.29 | 42 / 2 | |
| 6.7.27 | 42 / 2 | |
| 6.7.26 | 42 / 2 | |
| 6.7.25 | 42 / 2 | |
| 6.7.24 | 42 / 2 | |
| 6.7.23 | 42 / 2 | |
| 6.7.22 | 42 / 2 | |
| 6.7.21 | 42 / 2 | |
| 6.7.19 | 42 / 2 | |
| 6.7.18 | 42 / 2 | |
| 6.7.17 | 42 / 2 | |
| 6.7.16 | 42 / 2 | |
| 6.7.14 | 42 / 2 | |
| 6.7.13 | 42 / 2 | |
| 6.7.12 | 42 / 2 | |
| 6.7.11 | 42 / 2 | |
| 6.7.10 | 42 / 2 | |
| 6.7.9 | 42 / 2 | |
| 6.7.4 | 42 / 2 | |
| 6.7.3 | 42 / 2 | |
| 6.7.2 | 42 / 2 | |
| 6.7.1 | 42 / 2 | |
| 6.7.0 | 42 / 2 | |
| 6.6.9 | 42 / 2 | |
| 6.6.8 | 42 / 2 | |
| 6.6.7 | 42 / 2 | |
| 6.6.5 | 42 / 2 | |
| 6.6.4 | 42 / 2 | |
| 6.6.3 | 42 / 2 | |
| 6.6.2 | 42 / 2 | |
| 6.6.1 | 42 / 2 | |
| 6.6.0 | 42 / 2 | |
| 6.5.10 | 42 / 2 | |
| 6.5.9 | 42 / 2 |
v6.11.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.11.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.11.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.10.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.10.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.10.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.10.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.9.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.9.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.8.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.8.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.8.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.7.54
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.7.53
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.7.52
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.7.51
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.7.50
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.7.49
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.7.48
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.7.46
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.7.45
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.7.44
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.7.43
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.7.42
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.7.41
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.7.40
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.7.39
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.7.38
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.7.37
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.7.36
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.7.34
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.7.33
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.7.32
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.7.29
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.7.27
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.7.26
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.7.25
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.7.24
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.7.23
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.7.22
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.7.21
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.7.19
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.7.18
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.7.17
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.7.16
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.7.14
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.7.13
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.7.12
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.7.11
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.7.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.7.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.7.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.7.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.7.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.7.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.7.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.6.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.6.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.6.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.6.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.6.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.6.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.6.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.6.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.6.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.5.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.5.9
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.