@sps-woodland/product-bar-vertical

SPS Woodland Design System product bar vertical component

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

spsc_cafmacybuanjimthedevknedevspschrisndev

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:lib/index-DyE5bG-Y.js	AI (source-diff): Vite build output for a React component library; long lines are minified bundle, not obfuscation.	ai	2026/06/01
source-diff	obfuscated-file:lib/index-Bz3KfC4N.js	AI (source-diff): Vite build output for a React component; readable imports and hooks visible in sample, not obfuscated.	ai	2026/06/01
source-diff	obfuscated-file:lib/index-BWrO_L-j.js	AI (source-diff): Vite build output; minified bundle is expected for this design system component package.	ai	2026/06/01
source-diff	obfuscated-file:lib/index-Cm3dmWlb.js	AI (source-diff): Vite-bundled output with readable React code; minification is expected for this design system component package.	ai	2026/06/01
source-diff	obfuscated-file:lib/index-DH5lSYIi.js	AI (source-diff): Vite build output with hashed filename; code is readable minified React, not obfuscated. Stable pattern for this design system package.	ai	2026/05/31
source-diff	obfuscated-file:lib/index-CLLeAQaU.js	AI (source-diff): Vite build output with readable React code; minified variable names are standard for this package's build toolchain.	ai	2026/05/31
phantom-deps	phantom-dep:@react-aria/link	AI (phantom-deps): @react-aria/link is a declared runtime dep likely used transitively via bundled code; stable false positive for this package.	ai	2026/05/31
source-diff	obfuscated-file:lib/index-BlXY1GrK.js	AI (source-diff): Vite-bundled output with readable React imports; not obfuscated, just minified build artifact.	ai	2026/05/31
source-diff	source-size-tripled	AI (source-diff): Size increase reflects bundling of additional SPS Woodland components, consistent with design system build pattern.	ai	2026/05/31
source-diff	obfuscated-file:lib/index-CXQIliqx.js	AI (source-diff): File is Vite-bundled output with readable React code; minification is expected for this component library.	ai	2026/05/26

Versions (showing 51 of 96)

View all versions

Version	Deps	Published
8.46.7	2 / 7	2026-05-28
8.46.6	2 / 7	2026-05-27
8.46.5	2 / 7	2026-05-26
8.46.4	2 / 7	2026-05-20
8.46.3	2 / 7	2026-05-20
8.46.2	2 / 7	2026-05-19
8.46.1	2 / 7	2026-05-19
8.46.0	2 / 7	2026-05-18
8.45.8	1 / 7	2026-05-13
8.45.7	1 / 7	2026-05-12
8.45.6	1 / 7	2026-05-11
8.45.5	1 / 7	2026-05-06
8.45.4	1 / 7	2026-04-30
8.45.3	1 / 7	2026-04-30
8.45.2	1 / 7	2026-04-30
8.45.1	1 / 7	2026-04-30
8.45.0	1 / 7	2026-04-29
8.44.1	1 / 7	2026-04-15
8.44.0	1 / 7	2026-04-14
8.43.1	1 / 7	2026-04-07
8.43.0	1 / 7	2026-03-31
8.42.7	1 / 7	2026-03-20
8.42.6	1 / 7	2026-03-20
8.42.5	1 / 7	2026-03-18
8.42.4	1 / 7	2026-03-18
8.42.3	1 / 7	2026-03-18
8.42.2	1 / 7	2026-03-17
8.42.1	1 / 7	2026-03-16
8.42.0	1 / 7	2026-03-16
8.41.4	1 / 7	2026-03-13
8.41.3	1 / 7	2026-03-09
8.41.2	1 / 7	2026-02-27
8.41.1	1 / 7	2026-02-27
8.41.0	1 / 7	2026-02-27
8.40.0	1 / 7	2026-02-26
8.39.0	1 / 7	2026-02-18
8.38.2	1 / 7	2026-02-17
8.38.1	1 / 7	2026-02-16
8.38.0	1 / 7	2026-02-13
8.37.8	1 / 7	2026-02-12
8.37.7	1 / 7	2026-02-02
8.37.6	1 / 7	2026-01-27
8.37.5	1 / 7	2026-01-27
8.37.4	1 / 7	2026-01-23
8.37.3	1 / 7	2026-01-22
8.37.2	1 / 7	2025-12-17
8.37.1	1 / 7	2025-12-04
8.37.0	1 / 7	2025-11-19
8.36.0	1 / 7	2025-11-07
8.35.6	1 / 7	2025-10-21
8.35.5	1 / 7	2025-10-21

v8.46.7

2 findings

HIGH New obfuscated file: lib/index-DyE5bG-Y.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.