@salt-ds/core
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist-es/vertical-navigation/VerticalNavigationItemContent.css.js | AI (source-diff): CSS-in-JS build artifact; long lines are inlined CSS strings, not obfuscation. Stable pattern for this design system package. | ai | |
| source-diff | obfuscated-file:dist-cjs/vertical-navigation/VerticalNavigationItemContent.css.js | AI (source-diff): CSS-in-JS build artifact; long lines are inlined CSS strings, not obfuscation. Stable pattern for this design system package. | ai | |
| source-diff | obfuscated-file:dist-cjs/number-input/NumberInput.css.js | AI (source-diff): CSS-in-JS bundle with readable CSS content; standard build artifact for this design system package. | ai | |
| source-diff | obfuscated-file:dist-es/table/Table.css.js | AI (source-diff): CSS-in-JS bundle with readable CSS content; standard build artifact for this design system package. | ai | |
| source-diff | obfuscated-file:dist-cjs/table/Table.css.js | AI (source-diff): CSS-in-JS bundle with readable CSS content; standard build artifact for this design system package. | ai | |
| source-diff | obfuscated-file:dist-es/number-input/NumberInput.css.js | AI (source-diff): CSS-in-JS bundle with readable CSS content; standard build artifact for this design system package. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): tabbable and dom-accessibility-api are established accessibility libs; appropriate additions for a UI component library. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Monorepo package with legitimate repo; missing description is metadata quirk, not malware indicator. | ai | |
| dependencies | unvetted-dep:@salt-ds/window | AI (dependencies): Same-monorepo sibling package from jpmorganchase/salt-ds; stable false positive. | ai | |
| dependencies | unvetted-dep:@salt-ds/styles | AI (dependencies): Same-monorepo sibling package from jpmorganchase/salt-ds; stable false positive. | ai | |
| dependencies | unvetted-dep:@salt-ds/icons | AI (dependencies): Same-monorepo sibling package from jpmorganchase/salt-ds; stable false positive. | ai | |
| typosquat | typosquat.levenshtein:cors | AI (typosquat): Scoped package @salt-ds/core is a JPMorganChase design system component, not a typosquat of 'cors'. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Established monorepo package with 340 versions and SLSA provenance; sparse README metadata is not indicative of spam. | ai | |
Versions (showing 28 of 28)
| Version | Deps | Published |
|---|---|---|
| 1.61.0 | 8 / 2 | |
| 1.60.0 | 6 / 2 | |
| 1.59.1 | 6 / 2 | |
| 1.59.0 | 6 / 2 | |
| 1.58.0 | 6 / 2 | |
| 1.57.1 | 6 / 2 | |
| 1.57.0 | 6 / 2 | |
| 1.56.0 | 6 / 2 | |
| 1.55.0 | 6 / 2 | |
| 1.54.2 | 6 / 2 | |
| 1.54.1 | 6 / 0 | |
| 1.54.0 | 6 / 0 | |
| 1.53.0 | 6 / 0 | |
| 1.52.1 | 6 / 0 | |
| 1.52.0 | 6 / 0 | |
| 1.51.0 | 6 / 0 | |
| 1.50.0 | 6 / 0 | |
| 1.49.0 | 6 / 0 | |
| 1.48.0 | 5 / 0 | |
| 1.47.5 | 5 / 0 | |
| 1.47.4 | 5 / 0 | |
| 1.47.3 | 5 / 0 | |
| 1.47.2 | 5 / 0 | |
| 1.47.1 | 5 / 0 | |
| 1.47.0 | 5 / 0 | |
| 1.46.1 | 5 / 0 | |
| 1.46.0 | 5 / 0 | |
| 1.45.0 | 5 / 0 | |
v1.61.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.60.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.58.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.57.1
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.57.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.56.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.55.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.54.2
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.54.1
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.54.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.53.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.52.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.52.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.51.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.50.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.49.0
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.48.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.47.5
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.47.4
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.47.3
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.47.2
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.47.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.47.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.46.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.46.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.45.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.