@sap-ux/project-input-validator

Library to validate Fiori project input formats

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

tqueckkranthie.sapsap_extncrepossap-ospo-admindevinea

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): SAP/open-ux-tools publishes via GitHub Actions CI/CD with SLSA attestation; this is the expected publisher for this package going forward.	ai	2026/05/25
provenance	no-provenance	AI (provenance): SAP open-ux-tools monorepo does not publish with Sigstore provenance; stable false positive for this package family.	ai	2026/04/29

Versions (showing 92 of 92)

Version	Deps	Published
1.0.5	3 / 3	2026-06-04
1.0.4	3 / 3	2026-06-04
1.0.2	3 / 3	2026-06-03
1.0.1	3 / 3	2026-06-01
1.0.0	3 / 3	2026-05-30
0.7.2	3 / 2	2026-05-21
0.7.1	3 / 2	2026-05-19
0.7.0	3 / 2	2026-05-15
0.6.83	3 / 2	2026-05-13
0.6.82	3 / 2	2026-05-06
0.6.81	3 / 2	2026-04-30
0.6.80	3 / 2	2026-04-30
0.6.79	3 / 2	2026-04-29
0.6.78	3 / 2	2026-04-27
0.6.77	3 / 2	2026-04-23
0.6.76	3 / 2	2026-04-14
0.6.75	3 / 2	2026-04-08
0.6.74	3 / 2	2026-04-01
0.6.73	3 / 2	2026-03-30
0.6.72	3 / 2	2026-03-26
0.6.71	3 / 2	2026-03-26
0.6.70	3 / 2	2026-03-25
0.6.69	3 / 2	2026-03-20
0.6.68	3 / 2	2026-03-17
0.6.67	3 / 2	2026-03-05
0.6.66	3 / 2	2026-03-05
0.6.65	3 / 2	2026-03-04
0.6.64	3 / 2	2026-02-27
0.6.63	3 / 2	2026-02-26
0.6.62	3 / 2	2026-02-23
0.6.60	3 / 2	2026-02-21
0.6.59	3 / 2	2026-02-20
0.6.58	3 / 2	2026-02-20
0.6.57	3 / 2	2026-02-18
0.6.56	3 / 2	2026-02-16
0.6.55	3 / 2	2026-02-13
0.6.54	3 / 2	2026-02-12
0.6.53	3 / 2	2026-02-11
0.6.52	3 / 2	2026-02-09
0.6.51	3 / 2	2026-02-05
0.6.50	3 / 2	2026-02-05
0.6.49	3 / 2	2026-02-03
0.6.48	3 / 2	2026-01-30
0.6.47	3 / 2	2026-01-29
0.6.46	3 / 2	2026-01-24
0.6.45	3 / 2	2026-01-16
0.6.44	3 / 2	2026-01-15
0.6.43	3 / 2	2026-01-14
0.6.42	3 / 2	2026-01-12
0.6.41	3 / 2	2026-01-09
0.6.40	3 / 2	2025-12-19
0.6.39	3 / 2	2025-12-18
0.6.38	3 / 2	2025-12-15
0.6.37	3 / 2	2025-12-14
0.6.36	3 / 2	2025-12-11
0.6.34	3 / 2	2025-12-04
0.6.33	3 / 2	2025-11-28
0.6.32	3 / 2	2025-11-26
0.6.31	3 / 2	2025-11-24
0.6.30	3 / 2	2025-11-05
0.6.29	3 / 2	2025-10-27
0.6.28	3 / 2	2025-10-22
0.6.27	3 / 2	2025-10-21
0.6.26	3 / 2	2025-10-13
0.6.25	3 / 2	2025-10-10
0.6.24	3 / 2	2025-10-07
0.6.23	3 / 2	2025-10-06
0.6.22	3 / 2	2025-09-19
0.6.21	3 / 2	2025-09-19
0.6.20	3 / 2	2025-09-18
0.6.19	3 / 2	2025-09-16
0.6.18	3 / 2	2025-08-28
0.6.17	3 / 2	2025-08-14
0.6.16	3 / 2	2025-08-13
0.6.15	3 / 2	2025-08-01
0.6.14	3 / 2	2025-07-30
0.6.13	3 / 2	2025-07-29
0.6.12	3 / 2	2025-07-11
0.6.11	3 / 2	2025-07-08
0.6.10	3 / 2	2025-07-04
0.6.9	3 / 3	2025-07-04
0.6.8	3 / 3	2025-07-03
0.6.7	3 / 3	2025-06-30
0.6.6	3 / 3	2025-06-28
0.6.5	3 / 3	2025-06-25
0.6.4	3 / 3	2025-06-24
0.6.3	3 / 3	2025-06-17
0.6.2	3 / 3	2025-05-30
0.6.1	3 / 3	2025-05-15
0.6.0	3 / 3	2025-05-14
0.5.6	3 / 3	2025-05-08
0.5.5	3 / 3	2025-05-05

v1.0.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.2

2 findings

HIGH Publisher changed: devinea → GitHub Actions (on 2026-05-21) provenance

This version was published by a different npm account than previous versions on 2026-05-21. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.1

2 findings

HIGH Publisher changed: devinea → GitHub Actions (on 2026-05-19) provenance

This version was published by a different npm account than previous versions on 2026-05-19. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.0

2 findings

HIGH Publisher changed: devinea → GitHub Actions (on 2026-05-15) provenance

This version was published by a different npm account than previous versions on 2026-05-15. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.