
@reltio/search

Versions: 51
License: SEE LICENSE IN LICENSE FILE
Install Scripts: No
Provenance: Missing

Supply chain provenance

Status for the latest visible version.

No SLSA provenance | npm registry signatures | gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

egorshkov, vitaly.gerasev, alexander.leshukov, reltio-ui-coe, manpreet_hayer, andrew.borovin.reltio, amith.ravuru

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
provenance | publisher-changed | AI (provenance): New publisher reltio-ui-coe is an org CI account with 811 approved packages; consistent with legitimate org-level transition. | ai |
bogus-package | bogus-package | AI (bogus-package): Internal org package with 2250+ versions; sparse metadata is consistent across all releases. | ai |
npm-metadata | no-description | AI (npm-metadata): Stable pattern across all versions of this internal org package. | ai |
provenance | no-provenance | AI (provenance): No provenance across all versions; consistent org-wide pattern. | ai |
phantom-deps | phantom-dep:query-string | AI (phantom-deps): Same monorepo pattern; stable false positive for this package. | ai |
phantom-deps | phantom-dep:react-window | AI (phantom-deps): Same monorepo pattern; stable false positive for this package. | ai |
phantom-deps | phantom-dep:@reltio/mdm-sdk | AI (phantom-deps): Same org scope; stable false positive for this package. | ai |
phantom-deps | phantom-dep:reselect | AI (phantom-deps): Org monorepo pattern; deps declared for consumers, not directly imported in bundle. | ai |
phantom-deps | phantom-dep:@reltio/mdm-module | AI (phantom-deps): Same org scope; stable false positive for this package. | ai |
phantom-deps | phantom-dep:redux-dynamic-modules-react | AI (phantom-deps): Same monorepo pattern; stable false positive for this package. | ai |
phantom-deps | phantom-dep:@reltio/components | AI (phantom-deps): Same org scope; stable false positive for this package. | ai |
phantom-deps | phantom-dep:decimal.js | AI (phantom-deps): Same monorepo pattern; stable false positive for this package. | ai |
phantom-deps | phantom-dep:redux-saga | AI (phantom-deps): Same monorepo pattern; stable false positive for this package. | ai |
phantom-deps | phantom-dep:memoize-one | AI (phantom-deps): Same monorepo pattern; stable false positive for this package. | ai |

Versions (showing 51 of 154)

Version Deps Published
1.4.2337 10 / 0
1.4.2336 10 / 0
1.4.2335 10 / 0
1.4.2334 10 / 0
1.4.2333 10 / 0
1.4.2332 10 / 0
1.4.2331 10 / 0
1.4.2330 10 / 0
1.4.2329 10 / 0
1.4.2328 10 / 0
1.4.2327 10 / 0
1.4.2326 10 / 0
1.4.2325 10 / 0
1.4.2324 10 / 0
1.4.2323 10 / 0
1.4.2322 10 / 0
1.4.2321 10 / 0
1.4.2320 10 / 0
1.4.2319 10 / 0
1.4.2318 10 / 0
1.4.2317 10 / 0
1.4.2316 10 / 0
1.4.2315 10 / 0
1.4.2314 10 / 0
1.4.2313 10 / 0
1.4.2312 10 / 0
1.4.2311 10 / 0
1.4.2310 10 / 0
1.4.2309 10 / 0
1.4.2308 10 / 0
1.4.2307 10 / 0
1.4.2306 10 / 0
1.4.2305 10 / 0
1.4.2304 10 / 0
1.4.2303 10 / 0
1.4.2302 10 / 0
1.4.2301 10 / 0
1.4.2300 10 / 0
1.4.2299 10 / 0
1.4.2298 10 / 0
1.4.2297 10 / 0
1.4.2296 10 / 0
1.4.2295 10 / 0
1.4.2294 10 / 0
1.4.2293 10 / 0
1.4.2292 10 / 0
1.4.2288 10 / 0
1.4.2287 10 / 0
1.4.2286 10 / 0
1.4.2285 10 / 0
1.4.2284 10 / 0

v1.4.2337

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2336

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2335

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2334

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2333

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2332

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2331

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2330

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2329

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2328

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2327

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2326

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2325

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2324

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.4.2323

2 findings
HIGH Publisher changed: vitaly.gerasev → egorshkov (on 2026-04-28) provenance

This version was published by a different npm account than previous versions on 2026-04-28. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2322

2 findings
HIGH Publisher changed: vitaly.gerasev → egorshkov (on 2026-04-23) provenance

This version was published by a different npm account than previous versions on 2026-04-23. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2321

2 findings
HIGH Publisher changed: vitaly.gerasev → egorshkov (on 2026-04-23) provenance

This version was published by a different npm account than previous versions on 2026-04-23. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2320

2 findings
HIGH Publisher changed: vitaly.gerasev → reltio-ui-coe (on 2026-04-23) provenance

This version was published by a different npm account than previous versions on 2026-04-23. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2319

2 findings
HIGH Publisher changed: vitaly.gerasev → reltio-ui-coe (on 2026-04-21) provenance

This version was published by a different npm account than previous versions on 2026-04-21. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2318

2 findings
HIGH Publisher changed: vitaly.gerasev → reltio-ui-coe (on 2026-04-15) provenance

This version was published by a different npm account than previous versions on 2026-04-15. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2317

2 findings
HIGH Publisher changed: vitaly.gerasev → reltio-ui-coe (on 2026-04-10) provenance

This version was published by a different npm account than previous versions on 2026-04-10. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2316

2 findings
HIGH Publisher changed: vitaly.gerasev → reltio-ui-coe (on 2026-04-08) provenance

This version was published by a different npm account than previous versions on 2026-04-08. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2315

2 findings
HIGH Publisher changed: vitaly.gerasev → reltio-ui-coe (on 2026-04-08) provenance

This version was published by a different npm account than previous versions on 2026-04-08. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2314

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.4.2313

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.4.2312

2 findings
HIGH Publisher changed: vitaly.gerasev → reltio-ui-coe (on 2026-03-27) provenance

This version was published by a different npm account than previous versions on 2026-03-27. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2311

2 findings
HIGH Publisher changed: vitaly.gerasev → reltio-ui-coe (on 2026-03-27) provenance

This version was published by a different npm account than previous versions on 2026-03-27. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2310

2 findings
HIGH Publisher changed: vitaly.gerasev → reltio-ui-coe (on 2026-03-24) provenance

This version was published by a different npm account than previous versions on 2026-03-24. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2309

2 findings
HIGH Publisher changed: vitaly.gerasev → reltio-ui-coe (on 2026-03-20) provenance

This version was published by a different npm account than previous versions on 2026-03-20. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2308

2 findings
HIGH Publisher changed: vitaly.gerasev → reltio-ui-coe (on 2026-03-19) provenance

This version was published by a different npm account than previous versions on 2026-03-19. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2307

2 findings
HIGH Publisher changed: vitaly.gerasev → reltio-ui-coe (on 2026-03-13) provenance

This version was published by a different npm account than previous versions on 2026-03-13. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2306

2 findings
HIGH Publisher changed: vitaly.gerasev → reltio-ui-coe (on 2026-03-11) provenance

This version was published by a different npm account than previous versions on 2026-03-11. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2305

2 findings
HIGH Publisher changed: vitaly.gerasev → reltio-ui-coe (on 2026-03-10) provenance

This version was published by a different npm account than previous versions on 2026-03-10. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2304

2 findings
HIGH Publisher changed: vitaly.gerasev → reltio-ui-coe (on 2026-03-04) provenance

This version was published by a different npm account than previous versions on 2026-03-04. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2303

2 findings
HIGH Publisher changed: vitaly.gerasev → reltio-ui-coe (on 2026-02-26) provenance

This version was published by a different npm account than previous versions on 2026-02-26. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2302

2 findings
HIGH Publisher changed: vitaly.gerasev → reltio-ui-coe (on 2026-02-25) provenance

This version was published by a different npm account than previous versions on 2026-02-25. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2301

2 findings
HIGH Publisher changed: vitaly.gerasev → reltio-ui-coe (on 2026-02-25) provenance

This version was published by a different npm account than previous versions on 2026-02-25. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2300

2 findings
HIGH Publisher changed: vitaly.gerasev → reltio-ui-coe (on 2026-02-19) provenance

This version was published by a different npm account than previous versions on 2026-02-19. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2299

2 findings
HIGH Publisher changed: vitaly.gerasev → reltio-ui-coe (on 2026-02-13) provenance

This version was published by a different npm account than previous versions on 2026-02-13. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2298

2 findings
HIGH Publisher changed: vitaly.gerasev → reltio-ui-coe (on 2026-02-06) provenance

This version was published by a different npm account than previous versions on 2026-02-06. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2297

2 findings
HIGH Publisher changed: vitaly.gerasev → reltio-ui-coe (on 2026-01-27) provenance

This version was published by a different npm account than previous versions on 2026-01-27. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2296

2 findings
HIGH Publisher changed: vitaly.gerasev → reltio-ui-coe (on 2026-01-27) provenance

This version was published by a different npm account than previous versions on 2026-01-27. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2295

2 findings
HIGH Publisher changed: vitaly.gerasev → reltio-ui-coe (on 2026-01-27) provenance

This version was published by a different npm account than previous versions on 2026-01-27. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2294

2 findings
HIGH Publisher changed: vitaly.gerasev → reltio-ui-coe (on 2026-01-27) provenance

This version was published by a different npm account than previous versions on 2026-01-27. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2293

2 findings
HIGH Publisher changed: vitaly.gerasev → reltio-ui-coe (on 2026-01-23) provenance

This version was published by a different npm account than previous versions on 2026-01-23. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2292

2 findings
HIGH Publisher changed: vitaly.gerasev → reltio-ui-coe (on 2026-01-23) provenance

This version was published by a different npm account than previous versions on 2026-01-23. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2288

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2287

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2286

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2285

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2284

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.