@regulaforensics/ui-components
Regula UI components
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:react-scroll | AI (dependencies): react-scroll is a legitimate, widely-used React scroll animation library. Stable false positive for this UI component package. | ai | |
| dependencies | unvetted-dep:overlayscrollbars-react | AI (dependencies): overlayscrollbars-react is a legitimate, well-maintained React scrollbar library. Stable false positive for this UI component package. | ai | |
| dependencies | unvetted-dep:@uiw/react-json-view | AI (dependencies): @uiw/react-json-view is a legitimate open-source JSON viewer component. Alpha versioning is expected for this library and acceptable in a UI component context. | ai | |
| phantom-deps | phantom-dep:@babel/runtime | AI (phantom-deps): @babel/runtime is a standard transpilation runtime dependency for compiled libraries; its phantom-dep status is expected and stable for this package. | ai | |
| phantom-deps | phantom-dep:date-fns | AI (phantom-deps): Pre-built UI component library; date-fns is a standard date utility, likely bundled in dist. | ai | |
| phantom-deps | phantom-dep:classnames | AI (phantom-deps): Pre-built UI component library; classnames is a standard CSS utility, likely bundled in dist. | ai | |
| phantom-deps | phantom-dep:react-scroll | AI (phantom-deps): Pre-built UI component library; react-scroll is a standard scroll utility, likely bundled in dist. | ai | |
| phantom-deps | phantom-dep:react-i18next | AI (phantom-deps): Pre-built UI component library; react-i18next is a standard i18n binding, likely bundled in dist. | ai | |
| phantom-deps | phantom-dep:reflect-metadata | AI (phantom-deps): Known implicit runtime dependency for decorator metadata; flagged as such by the analyzer. Standard pattern for class-transformer usage. | ai | |
| phantom-deps | phantom-dep:class-transformer | AI (phantom-deps): Pre-built UI component library; class-transformer is a standard serialization library, likely bundled in dist. | ai | |
| phantom-deps | phantom-dep:pako | AI (phantom-deps): Pre-built UI component library; deps may be bundled in dist rather than directly imported. Standard utility library with no malicious associations. | ai | |
| phantom-deps | phantom-dep:react-device-detect | AI (phantom-deps): Pre-built UI component library; react-device-detect is a standard device detection library, likely bundled in dist. | ai | |
| phantom-deps | phantom-dep:@uiw/react-json-view | AI (phantom-deps): Pre-built UI component library; @uiw/react-json-view is a standard JSON viewer component, likely bundled in dist. | ai | |
| phantom-deps | phantom-dep:react-transition-group | AI (phantom-deps): Pre-built UI component library; react-transition-group is a standard animation library, likely bundled in dist. | ai | |
| phantom-deps | phantom-dep:overlayscrollbars-react | AI (phantom-deps): Pre-built UI component library; overlayscrollbars-react is a standard scroll component, likely bundled in dist. | ai | |
| provenance | no-provenance | AI (provenance): Established package (814 days, 848 versions) from Regula Forensics. Absence of Sigstore provenance is common (~88% of npm packages) and not a risk signal for this package. | ai | |
| phantom-deps | phantom-dep:overlayscrollbars | AI (phantom-deps): Pre-built UI component library; overlayscrollbars is a standard scroll library, likely bundled in dist. | ai | |
| phantom-deps | phantom-dep:lodash | AI (phantom-deps): Pre-built UI component library; lodash may be bundled in dist. Standard utility library with no malicious associations. | ai | |
| phantom-deps | phantom-dep:thenby | AI (phantom-deps): Pre-built UI component library; thenby may be bundled in dist. Standard sorting utility with no malicious associations. | ai | |
| phantom-deps | phantom-dep:i18next | AI (phantom-deps): Pre-built UI component library; i18next is a standard internationalization library, likely bundled in dist. | ai | |
Versions (showing 5 of 5)
| Version | Deps | Published |
|---|---|---|
| 9.4.946 | 18 / 42 | |
| 9.3.890 | 18 / 42 | |
| 9.2.821 | 18 / 43 | |
| 9.1.757 | 18 / 43 | |
| 8.4.688 | 13 / 35 | |
v9.3.890
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.2.821
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v9.1.757
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v8.4.688
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.