@remoteoss/remote-flows
[](https://www.npmjs.com/package/@remoteoss/remote-flows) [: Package is published via GitHub Actions CI/CD with SLSA attestation from the same remoteoss org; this is the expected automated publishing pattern. | ai | |
| source-diff | large-new-source-files | AI (source-diff): New files are .js.map source maps from a build artifact update, not injected code. | ai | |
| phantom-deps | phantom-dep:recharts | AI (phantom-deps): Component library pattern; deps referenced in config/re-exports, not direct imports. | ai | |
| phantom-deps | phantom-dep:react-pdf | AI (phantom-deps): Component library pattern; deps referenced in config/re-exports, not direct imports. | ai | |
| phantom-deps | phantom-dep:type-fest | AI (phantom-deps): Component library pattern; type-only usage not detected as import. | ai | |
| phantom-deps | phantom-dep:lodash.get | AI (phantom-deps): Component library pattern; referenced in config files. | ai | |
| phantom-deps | phantom-dep:@radix-ui/react-slot | AI (phantom-deps): Component library pattern; Radix deps referenced in config/re-exports. | ai | |
| phantom-deps | phantom-dep:@radix-ui/react-popover | AI (phantom-deps): Component library pattern; Radix deps referenced in config/re-exports. | ai | |
| phantom-deps | phantom-dep:@radix-ui/react-tooltip | AI (phantom-deps): Component library pattern; Radix deps referenced in config/re-exports. | ai | |
| phantom-deps | phantom-dep:@radix-ui/react-accordion | AI (phantom-deps): Component library pattern; Radix deps referenced in config/re-exports. | ai | |
| phantom-deps | phantom-dep:@radix-ui/react-separator | AI (phantom-deps): Component library pattern; Radix deps referenced in config/re-exports. | ai | |
| phantom-deps | phantom-dep:@radix-ui/react-dropdown-menu | AI (phantom-deps): Component library pattern; Radix deps referenced in config/re-exports. | ai | |
| phantom-deps | phantom-dep:@hey-api/client-fetch | AI (phantom-deps): Component library pattern; referenced in config files. | ai | |
| phantom-deps | phantom-dep:pdfjs-dist | AI (phantom-deps): Component library pattern; referenced in config files. | ai | |
| npm-metadata | url-dep:@remoteoss/remote-json-schema-form-kit | AI (npm-metadata): First-party remoteoss package pinned to a specific tag; stable pattern for this org. | ai | |
| phantom-deps | phantom-dep:lodash.mergewith | AI (phantom-deps): Listed in package.json dependencies; legitimate runtime dep. | ai | |
| phantom-deps | phantom-dep:lodash.capitalize | AI (phantom-deps): Listed in package.json dependencies; legitimate runtime dep. | ai | |
| phantom-deps | phantom-dep:react-day-picker | AI (phantom-deps): Listed in package.json dependencies; legitimate runtime dep. | ai | |
| phantom-deps | phantom-dep:tailwindcss-animate | AI (phantom-deps): Listed in package.json dependencies; legitimate runtime dep. | ai | |
| phantom-deps | phantom-dep:@tailwindcss/postcss | AI (phantom-deps): Listed in package.json dependencies; CSS build tooling. | ai | |
| phantom-deps | phantom-dep:@hookform/resolvers | AI (phantom-deps): Listed in package.json dependencies; legitimate runtime dep. | ai | |
| phantom-deps | phantom-dep:cmdk | AI (phantom-deps): Listed in package.json dependencies; bundled UI library, not a phantom dep. | ai | |
| phantom-deps | phantom-dep:postcss | AI (phantom-deps): Listed in package.json dependencies; build tool used in CSS pipeline. | ai | |
| phantom-deps | phantom-dep:date-fns | AI (phantom-deps): Listed in package.json dependencies; legitimate runtime dep. | ai | |
| phantom-deps | phantom-dep:dompurify | AI (phantom-deps): Listed in package.json dependencies; legitimate runtime dep. | ai | |
| phantom-deps | phantom-dep:lodash.omit | AI (phantom-deps): Listed in package.json dependencies; legitimate runtime dep. | ai | |
| phantom-deps | phantom-dep:tailwindcss | AI (phantom-deps): Listed in package.json dependencies; used in CSS build pipeline. | ai | |
| phantom-deps | phantom-dep:lucide-react | AI (phantom-deps): Listed in package.json dependencies; legitimate runtime dep. | ai | |
| phantom-deps | phantom-dep:lodash.isnull | AI (phantom-deps): Listed in package.json dependencies; legitimate runtime dep. | ai | |
| phantom-deps | phantom-dep:lodash.omitby | AI (phantom-deps): Listed in package.json dependencies; legitimate runtime dep. | ai | |
| phantom-deps | phantom-dep:lodash.groupby | AI (phantom-deps): Listed in package.json dependencies; legitimate runtime dep. | ai | |
| phantom-deps | phantom-dep:react-flagpack | AI (phantom-deps): Listed in package.json dependencies; legitimate runtime dep. | ai | |
| phantom-deps | phantom-dep:tailwind-merge | AI (phantom-deps): Listed in package.json dependencies; legitimate runtime dep. | ai | |
| phantom-deps | phantom-dep:fast-deep-equal | AI (phantom-deps): Listed in package.json dependencies; legitimate runtime dep. | ai | |
| phantom-deps | phantom-dep:@tailwindcss/cli | AI (phantom-deps): Listed in package.json dependencies; CSS build tooling. | ai |
Versions (showing 56 of 56)
| Version | Deps | Published |
|---|---|---|
| 1.36.1 | 35 / 26 | |
| 1.36.0 | 35 / 26 | |
| 1.35.0 | 35 / 26 | |
| 1.34.0 | 35 / 26 | |
| 1.33.2 | 35 / 26 | |
| 1.33.1 | 35 / 26 | |
| 1.33.0 | 35 / 26 | |
| 1.32.0 | 35 / 26 | |
| 1.31.0 | 35 / 26 | |
| 1.30.0 | 35 / 26 | |
| 1.29.1 | 35 / 26 | |
| 1.27.0 | 35 / 26 | |
| 1.26.0 | 35 / 26 | |
| 1.25.0 | 35 / 26 | |
| 1.24.1 | 36 / 32 | |
| 1.24.0 | 36 / 32 | |
| 1.23.0 | 35 / 31 | |
| 1.22.0 | 35 / 31 | |
| 1.21.1 | 35 / 31 | |
| 1.21.0 | 35 / 31 | |
| 1.20.0 | 36 / 31 | |
| 1.19.0 | 37 / 31 | |
| 1.18.0 | 38 / 31 | |
| 1.17.0 | 41 / 31 | |
| 1.16.0 | 43 / 31 | |
| 1.15.0 | 43 / 31 | |
| 1.14.0 | 43 / 31 | |
| 1.13.0 | 43 / 31 | |
| 1.12.0 | 43 / 31 | |
| 1.11.0 | 43 / 31 | |
| 1.10.0 | 43 / 31 | |
| 1.9.0 | 43 / 31 | |
| 1.8.0 | 43 / 31 | |
| 1.7.0 | 43 / 31 | |
| 1.6.0 | 43 / 31 | |
| 1.5.1 | 43 / 31 | |
| 1.5.0 | 43 / 31 | |
| 1.4.3 | 43 / 31 | |
| 1.4.2 | 43 / 31 | |
| 1.4.1 | 43 / 31 | |
| 1.4.0 | 43 / 31 | |
| 1.3.1 | 43 / 31 | |
| 1.2.2 | 44 / 31 | |
| 1.0.0 | 46 / 27 | |
| 0.32.0 | 47 / 27 | |
| 0.31.0 | 46 / 27 | |
| 0.30.0 | 46 / 27 | |
| 0.29.0 | 46 / 27 | |
| 0.28.2 | 46 / 27 | |
| 0.28.1 | 46 / 27 | |
| 0.28.0 | 46 / 27 | |
| 0.27.0 | 46 / 27 | |
| 0.26.0 | 46 / 27 | |
| 0.25.0 | 46 / 27 | |
| 0.24.0 | 46 / 27 | |
| 0.23.0 | 46 / 27 |
v1.36.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.36.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.35.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.34.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.33.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.33.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.33.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.32.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.31.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.30.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.29.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.27.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.26.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.25.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.24.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.24.0
2 findingsThis version was published by a different npm account than previous versions on 2026-03-27. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.23.0
2 findingsThis version was published by a different npm account than previous versions on 2026-03-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.22.0
2 findingsThis version was published by a different npm account than previous versions on 2026-03-17. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.21.1
2 findingsThis version was published by a different npm account than previous versions on 2026-03-16. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.21.0
2 findingsThis version was published by a different npm account than previous versions on 2026-03-16. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.20.0
2 findingsThis version was published by a different npm account than previous versions on 2026-03-11. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.19.0
2 findingsThis version was published by a different npm account than previous versions on 2026-03-09. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.18.0
2 findingsThis version was published by a different npm account than previous versions on 2026-03-05. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.17.0
2 findingsThis version was published by a different npm account than previous versions on 2026-03-03. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.16.0
2 findingsThis version was published by a different npm account than previous versions on 2026-02-27. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.15.0
2 findingsThis version was published by a different npm account than previous versions on 2026-02-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.14.0
2 findingsThis version was published by a different npm account than previous versions on 2026-02-20. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.13.0
2 findingsThis version was published by a different npm account than previous versions on 2026-02-13. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.12.0
2 findingsThis version was published by a different npm account than previous versions on 2026-02-12. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.11.0
2 findingsThis version was published by a different npm account than previous versions on 2026-02-05. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.10.0
2 findingsThis version was published by a different npm account than previous versions on 2026-02-02. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.9.0
2 findingsThis version was published by a different npm account than previous versions on 2026-01-28. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.8.0
2 findingsThis version was published by a different npm account than previous versions on 2026-01-26. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.7.0
2 findingsThis version was published by a different npm account than previous versions on 2026-01-14. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.0
2 findingsThis version was published by a different npm account than previous versions on 2026-01-08. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.5.1
2 findingsThis version was published by a different npm account than previous versions on 2026-01-06. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.5.0
2 findingsThis version was published by a different npm account than previous versions on 2026-01-05. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.4.3
2 findingsThis version was published by a different npm account than previous versions on 2025-12-22. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.4.2
2 findingsThis version was published by a different npm account than previous versions on 2025-12-19. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.4.1
2 findingsThis version was published by a different npm account than previous versions on 2025-12-18. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.4.0
2 findingsThis version was published by a different npm account than previous versions on 2025-12-17. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.3.1
2 findingsThis version was published by a different npm account than previous versions on 2025-12-17. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.2.2
2 findingsThis version was published by a different npm account than previous versions on 2025-12-11. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.0.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.32.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.31.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.30.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.29.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.27.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.25.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.24.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.23.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.