@roomstay/frontend
### Install
```
yarn playwright install
npm install -g ts-node
```
### Run Test
- Usage:
```
yarn run test:playwright <version> <hotelId> <startDate> <endDate> <children> <adults> <promocode>
```
- Example:
```
yarn playwright test 2/6.13 fa737326-ccdb-49
```
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | no-provenance | AI (provenance): Established package with 321 versions; lack of Sigstore provenance is consistent across all prior releases. | ai | |
| phantom-deps | phantom-dep:lint-staged | AI (phantom-deps): Dev tooling referenced in config; not a runtime import. | ai | |
| phantom-deps | phantom-dep:zod | AI (phantom-deps): Listed as runtime dep but phantom-dep heuristic fires; likely used indirectly via bundled output. | ai | |
| phantom-deps | phantom-dep:husky | AI (phantom-deps): Dev tooling referenced in prepare script; not a runtime import. | ai | |
| phantom-deps | phantom-dep:@types/react-helmet | AI (phantom-deps): Type-only package; framework-scoped, not directly imported. | ai | |
| phantom-deps | phantom-dep:@vgs/collect-js | AI (phantom-deps): Payment SDK likely loaded dynamically; phantom-dep heuristic is a false positive here. | ai | |
| phantom-deps | phantom-dep:@types/base-64 | AI (phantom-deps): Type-only package; framework-scoped, not directly imported. | ai | |
v2.7.0
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.6.113
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.6.112
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.