@salesforce/lds-runtime-mobile SEE LICENSE IN LICENSE.txt 16 versions

@salesforce/lds-runtime-mobile

npm

LDS runtime for mobile/hybrid environments.

16

Versions

SEE LICENSE IN LICENSE.txt

License

No

Install Scripts

Missing

Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

ire-npm-team-userjimjagsalesforce-releasesjasonschroeder-sfdcmobifylwc-adminsalesforce-admin

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
maintainer-change	maintainer-removed	AI (maintainer-change): Salesforce org-managed package; bulk maintainer roster changes are expected across their LDS monorepo releases.	ai	2026/05/14
dependencies	unvetted-dep:@salesforce/lds-luvio-uiapi-records-service	AI (dependencies): Co-versioned sibling @salesforce-scoped package; stable pattern.	ai	2026/05/13
dependencies	unvetted-dep:@salesforce/user	AI (dependencies): Internal Salesforce platform dep; stable pattern across all versions of this package.	ai	2026/05/13
dependencies	unvetted-dep:@salesforce/lds-luvio-service	AI (dependencies): Co-versioned sibling @salesforce-scoped package; stable pattern.	ai	2026/05/13
phantom-deps	phantom-dep:@conduit-client/service-provisioner	AI (phantom-deps): Platform-specific conduit dep referenced in config; stable false positive.	ai	2026/05/02
phantom-deps	phantom-dep:@conduit-client/service-bindings-lwc	AI (phantom-deps): Platform-specific binary package; stable false positive.	ai	2026/05/02
phantom-deps	phantom-dep:o11y	AI (phantom-deps): Platform observability dep referenced in config only; stable false positive for this package.	ai	2026/05/02
phantom-deps	phantom-dep:@salesforce/lds-luvio-uiapi-records-service	AI (phantom-deps): Same-org sibling dep; phantom-dep is a stable false positive for this package.	ai	2026/05/02
phantom-deps	phantom-dep:@conduit-client/service-bindings-imperative	AI (phantom-deps): Platform-specific binary package; stable false positive.	ai	2026/05/02
phantom-deps	phantom-dep:o11y_schema	AI (phantom-deps): Platform observability schema dep referenced in config only; stable false positive.	ai	2026/05/02
phantom-deps	phantom-dep:@salesforce/user	AI (phantom-deps): Same-org Salesforce platform dep; not directly imported by design.	ai	2026/05/02
phantom-deps	phantom-dep:@salesforce/lds-luvio-service	AI (phantom-deps): Same-org sibling dep; phantom-dep is a stable false positive for this package.	ai	2026/05/02

Versions (showing 16 of 16)

Version	Deps	Published
1.441.0	11 / 27	2026-06-03
1.440.0	11 / 27	2026-05-28
1.439.0	11 / 27	2026-05-28
1.438.1	11 / 27	2026-05-28
1.438.0	11 / 27	2026-05-27
1.437.0	11 / 27	2026-05-20
1.436.0	11 / 27	2026-05-13
1.435.1	11 / 27	2026-05-08
1.435.0	11 / 27	2026-05-07
1.434.0	11 / 27	2026-04-29
1.433.0	11 / 27	2026-04-22
1.432.0	11 / 27	2026-04-16
1.431.0	11 / 27	2026-04-15
1.430.0	11 / 27	2026-04-11
1.429.0	11 / 27	2026-04-08
1.428.0	11 / 27	2026-04-01

v1.441.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.440.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.439.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.438.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.438.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.437.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.436.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.435.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.435.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.434.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.433.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.432.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.431.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.430.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.429.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.428.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.