@schemavaults/ui
React.js UI components for SchemaVaults frontend applications
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@radix-ui/react-avatar | AI (dependencies): Well-known Radix UI primitive; stable false positive for this UI library. | ai | |
| dependencies | unvetted-dep:@radix-ui/react-hover-card | AI (dependencies): Well-known Radix UI primitive; stable false positive for this UI library. | ai | |
| dependencies | unvetted-dep:@schemavaults/theme | AI (dependencies): Internal scoped package from same org; consistent with this package's purpose. | ai | |
| phantom-deps | phantom-dep:react-dom | AI (phantom-deps): react-dom is a peer/runtime dep commonly declared but re-exported; stable false positive for a UI component library. | ai | |
| publish-pattern | rapid-publish | AI (publish-pattern): Automated CI/CD with SLSA provenance; rapid publishes are expected in this pipeline. | ai | |
| phantom-deps | phantom-dep:@hookform/resolvers | AI (phantom-deps): UI component library; resolvers likely referenced in config/type files, stable false positive. | ai | |
| typosquat | typosquat.levenshtein:uuid | AI (typosquat): Scoped org package @schemavaults/ui; not a typosquat of uuid. | ai | |
| phantom-deps | phantom-dep:@emotion/is-prop-valid | AI (phantom-deps): Used transitively by framer-motion; config-only reference is expected pattern. | ai | |
| typosquat | typosquat.levenshtein:pg | AI (typosquat): Scoped org package @schemavaults/ui; not a typosquat of pg. | ai | |
| typosquat | typosquat.levenshtein:qs | AI (typosquat): Scoped org package @schemavaults/ui; not a typosquat of qs. | ai | |
| typosquat | typosquat.levenshtein:joi | AI (typosquat): Scoped org package @schemavaults/ui; not a typosquat of joi. | ai | |
| typosquat | typosquat.levenshtein:yup | AI (typosquat): Scoped org package @schemavaults/ui; not a typosquat of yup. | ai |
Versions (showing 17 of 17)
| Version | Deps | Published |
|---|---|---|
| 0.71.1 | 33 / 28 | |
| 0.70.0 | 33 / 28 | |
| 0.69.0 | 33 / 28 | |
| 0.68.1 | 33 / 28 | |
| 0.67.0 | 33 / 28 | |
| 0.66.0 | 33 / 28 | |
| 0.65.0 | 33 / 28 | |
| 0.64.0 | 33 / 28 | |
| 0.63.0 | 33 / 28 | |
| 0.62.0 | 33 / 28 | |
| 0.61.0 | 33 / 28 | |
| 0.54.1 | 33 / 28 | |
| 0.29.1 | 33 / 31 | |
| 0.28.2 | 33 / 31 | |
| 0.27.2 | 33 / 31 | |
| 0.14.10 | 35 / 30 | |
| 0.14.6 | 34 / 30 |
v0.71.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.70.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.69.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.68.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.67.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.66.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.65.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.64.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.63.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.62.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.61.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.54.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.29.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.28.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.14.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.14.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.