@sap-ux/project-access — Greenflagged

Library to access SAP Fiori tools projects

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

tqueckkranthie.sapsap_extncrepossap-ospo-admindevinea

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:mem-fs-editor	AI (dependencies): mem-fs-editor is a standard Yeoman/generator utility; stable false positive for this SAP tooling package.	ai	2026/06/02
provenance	publisher-changed	AI (provenance): Transition from individual to GitHub Actions CI/CD with SLSA attestation; legitimate for SAP org packages.	ai	2026/06/02
provenance	no-provenance	AI (provenance): SAP open-ux-tools monorepo does not publish with Sigstore provenance; consistent across all versions.	ai	2026/04/29

Versions (showing 65 of 65)

Version	Deps	Published
2.1.1	9 / 7	2026-06-04
2.1.0	9 / 7	2026-06-04
2.0.2	8 / 8	2026-06-03
2.0.1	8 / 8	2026-06-01
2.0.0	8 / 8	2026-05-30
1.38.1	8 / 7	2026-05-21
1.38.0	8 / 7	2026-05-19
1.37.0	8 / 7	2026-05-15
1.36.4	8 / 7	2026-05-13
1.36.3	8 / 7	2026-05-06
1.36.2	8 / 7	2026-04-30
1.36.1	8 / 7	2026-04-29
1.36.0	8 / 7	2026-04-27
1.35.21	8 / 7	2026-04-23
1.35.20	8 / 7	2026-04-14
1.35.19	8 / 7	2026-04-08
1.35.18	8 / 7	2026-04-01
1.35.17	8 / 7	2026-03-26
1.35.16	8 / 7	2026-03-26
1.35.15	8 / 7	2026-03-25
1.35.14	8 / 7	2026-03-20
1.35.13	8 / 7	2026-03-05
1.35.12	8 / 7	2026-03-05
1.35.11	8 / 7	2026-03-04
1.35.10	8 / 7	2026-02-27
1.35.9	8 / 7	2026-02-23
1.35.7	8 / 7	2026-02-21
1.35.6	8 / 7	2026-02-20
1.35.5	8 / 7	2026-02-18
1.35.4	8 / 7	2026-02-16
1.35.3	8 / 7	2026-02-13
1.35.2	8 / 7	2026-02-12
1.35.1	8 / 7	2026-02-11
1.35.0	8 / 7	2026-02-09
1.34.7	8 / 6	2026-02-05
1.34.6	8 / 6	2026-02-05
1.34.5	8 / 6	2026-02-03
1.34.4	8 / 6	2026-01-30
1.34.3	8 / 6	2026-01-29
1.34.2	8 / 6	2026-01-16
1.34.1	8 / 6	2026-01-15
1.34.0	8 / 6	2026-01-14
1.33.2	8 / 6	2026-01-12
1.33.1	8 / 6	2026-01-09
1.33.0	8 / 6	2025-12-19
1.32.17	8 / 6	2025-12-18
1.32.16	8 / 6	2025-12-15
1.32.15	8 / 6	2025-12-14
1.32.14	8 / 6	2025-12-11
1.32.12	8 / 6	2025-12-04
1.32.11	8 / 6	2025-11-28
1.32.10	8 / 6	2025-11-26
1.32.9	8 / 6	2025-11-24
1.32.8	8 / 6	2025-11-05
1.32.7	8 / 6	2025-10-27
1.32.6	8 / 6	2025-10-22
1.32.5	8 / 6	2025-10-21
1.32.4	8 / 6	2025-10-10
1.30.14	8 / 6	2025-09-16
1.30.7	8 / 6	2025-07-08
1.30.6	8 / 6	2025-07-04
1.30.3	8 / 6	2025-06-24
1.30.1	8 / 6	2025-05-15
1.30.0	8 / 6	2025-05-14
1.29.22	8 / 6	2025-05-05

v2.1.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.1.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.1

2 findings

HIGH Publisher changed: devinea → GitHub Actions (on 2026-06-01) provenance

This version was published by a different npm account than previous versions on 2026-06-01. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.0

2 findings

HIGH Publisher changed: devinea → GitHub Actions (on 2026-05-30) provenance

This version was published by a different npm account than previous versions on 2026-05-30. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.38.1

2 findings

HIGH Publisher changed: devinea → GitHub Actions (on 2026-05-21) provenance

This version was published by a different npm account than previous versions on 2026-05-21. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.38.0

2 findings

HIGH Publisher changed: devinea → GitHub Actions (on 2026-05-19) provenance

This version was published by a different npm account than previous versions on 2026-05-19. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.37.0

2 findings

HIGH Publisher changed: devinea → GitHub Actions (on 2026-05-15) provenance

This version was published by a different npm account than previous versions on 2026-05-15. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.