@reltio/search — Greenflagged

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

egorshkovvitaly.gerasevalexander.leshukovreltio-ui-coemanpreet_hayerandrew.borovin.reltioamith.ravuru

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): New publisher reltio-ui-coe is an org CI account with 811 approved packages; consistent with legitimate org-level transition.	ai	2026/05/27
bogus-package	bogus-package	AI (bogus-package): Internal org package with 2250+ versions; sparse metadata is consistent across all releases.	ai	2026/05/26
npm-metadata	no-description	AI (npm-metadata): Stable pattern across all versions of this internal org package.	ai	2026/05/26
provenance	no-provenance	AI (provenance): No provenance across all versions; consistent org-wide pattern.	ai	2026/05/26
phantom-deps	phantom-dep:query-string	AI (phantom-deps): Same monorepo pattern; stable false positive for this package.	ai	2026/04/30
phantom-deps	phantom-dep:react-window	AI (phantom-deps): Same monorepo pattern; stable false positive for this package.	ai	2026/04/30
phantom-deps	phantom-dep:@reltio/mdm-sdk	AI (phantom-deps): Same org scope; stable false positive for this package.	ai	2026/04/30
phantom-deps	phantom-dep:reselect	AI (phantom-deps): Org monorepo pattern; deps declared for consumers, not directly imported in bundle.	ai	2026/04/30
phantom-deps	phantom-dep:@reltio/mdm-module	AI (phantom-deps): Same org scope; stable false positive for this package.	ai	2026/04/30
phantom-deps	phantom-dep:redux-dynamic-modules-react	AI (phantom-deps): Same monorepo pattern; stable false positive for this package.	ai	2026/04/30
phantom-deps	phantom-dep:@reltio/components	AI (phantom-deps): Same org scope; stable false positive for this package.	ai	2026/04/30
phantom-deps	phantom-dep:decimal.js	AI (phantom-deps): Same monorepo pattern; stable false positive for this package.	ai	2026/04/30
phantom-deps	phantom-dep:redux-saga	AI (phantom-deps): Same monorepo pattern; stable false positive for this package.	ai	2026/04/30
phantom-deps	phantom-dep:memoize-one	AI (phantom-deps): Same monorepo pattern; stable false positive for this package.	ai	2026/04/30

Versions (showing 100 of 154)

Version	Deps	Published
1.4.2337	10 / 0	2026-06-03
1.4.2336	10 / 0	2026-06-03
1.4.2335	10 / 0	2026-05-28
1.4.2334	10 / 0	2026-05-28
1.4.2333	10 / 0	2026-05-25
1.4.2332	10 / 0	2026-05-21
1.4.2331	10 / 0	2026-05-19
1.4.2330	10 / 0	2026-05-19
1.4.2329	10 / 0	2026-05-13
1.4.2328	10 / 0	2026-05-07
1.4.2327	10 / 0	2026-05-07
1.4.2326	10 / 0	2026-05-07
1.4.2325	10 / 0	2026-04-30
1.4.2324	10 / 0	2026-04-28
1.4.2323	10 / 0	2026-04-28
1.4.2322	10 / 0	2026-04-23
1.4.2321	10 / 0	2026-04-23
1.4.2320	10 / 0	2026-04-23
1.4.2319	10 / 0	2026-04-21
1.4.2318	10 / 0	2026-04-15
1.4.2317	10 / 0	2026-04-10
1.4.2316	10 / 0	2026-04-08
1.4.2315	10 / 0	2026-04-08
1.4.2314	10 / 0	2026-04-02
1.4.2313	10 / 0	2026-04-02
1.4.2312	10 / 0	2026-03-27
1.4.2311	10 / 0	2026-03-27
1.4.2310	10 / 0	2026-03-24
1.4.2309	10 / 0	2026-03-20
1.4.2308	10 / 0	2026-03-19
1.4.2307	10 / 0	2026-03-13
1.4.2306	10 / 0	2026-03-11
1.4.2305	10 / 0	2026-03-10
1.4.2304	10 / 0	2026-03-04
1.4.2303	10 / 0	2026-02-26
1.4.2302	10 / 0	2026-02-25
1.4.2301	10 / 0	2026-02-25
1.4.2300	10 / 0	2026-02-19
1.4.2299	10 / 0	2026-02-13
1.4.2298	10 / 0	2026-02-06
1.4.2297	10 / 0	2026-01-27
1.4.2296	10 / 0	2026-01-27
1.4.2295	10 / 0	2026-01-27
1.4.2294	10 / 0	2026-01-27
1.4.2293	10 / 0	2026-01-23
1.4.2292	10 / 0	2026-01-23
1.4.2288	10 / 0	2025-12-10
1.4.2287	10 / 0	2025-12-04
1.4.2286	10 / 0	2025-12-04
1.4.2285	10 / 0	2025-12-04
1.4.2284	10 / 0	2025-12-04
1.4.2283	10 / 0	2025-12-02
1.4.2282	10 / 0	2025-11-28
1.4.2281	10 / 0	2025-11-28
1.4.2280	10 / 0	2025-11-27
1.4.2279	10 / 0	2025-11-24
1.4.2278	10 / 0	2025-11-14
1.4.2277	10 / 0	2025-11-14
1.4.2276	10 / 0	2025-11-11
1.4.2275	10 / 0	2025-11-06
1.4.2274	10 / 0	2025-11-06
1.4.2273	10 / 0	2025-11-05
1.4.2272	10 / 0	2025-11-04
1.4.2271	10 / 0	2025-10-30
1.4.2270	10 / 0	2025-10-24
1.4.2269	10 / 0	2025-10-23
1.4.2268	10 / 0	2025-10-23
1.4.2267	10 / 0	2025-10-21
1.4.2266	10 / 0	2025-10-15
1.4.2265	10 / 0	2025-10-15
1.4.2264	10 / 0	2025-10-14
1.4.2263	10 / 0	2025-10-09
1.4.2262	10 / 0	2025-10-09
1.4.2261	10 / 0	2025-10-07
1.4.2260	10 / 0	2025-10-01
1.4.2259	10 / 0	2025-10-01
1.4.2258	10 / 0	2025-09-27
1.4.2257	10 / 0	2025-09-26
1.4.2256	10 / 0	2025-09-23
1.4.2255	10 / 0	2025-09-23
1.4.2254	10 / 0	2025-09-19
1.4.2253	10 / 0	2025-09-18
1.4.2252	10 / 0	2025-09-09
1.4.2251	10 / 0	2025-09-09
1.4.2250	10 / 0	2025-09-08
1.4.2249	10 / 0	2025-09-04
1.4.2248	10 / 0	2025-09-04
1.4.2247	10 / 0	2025-09-02
1.4.2246	10 / 0	2025-08-28
1.4.2245	10 / 0	2025-08-28
1.4.2244	10 / 0	2025-08-28
1.4.2243	10 / 0	2025-08-25
1.4.2242	10 / 0	2025-08-20
1.4.2241	10 / 0	2025-08-18
1.4.2240	10 / 0	2025-08-18
1.4.2239	10 / 0	2025-08-18
1.4.2238	10 / 0	2025-08-18
1.4.2237	10 / 0	2025-08-11
1.4.2236	10 / 0	2025-08-05
1.4.2235	10 / 0	2025-08-05

Showing 100 of 154 Next page →

v1.4.2337

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2336

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2335

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2334

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.