@stenajs-webui/core
The core library for @stenajs-webui.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Transition from mattias800 to GitHub Actions reflects CI/CD automation for StenaIT org; consistent with org-level publishing migration. | ai | |
| typosquat | typosquat.levenshtein:cors | AI (typosquat): Scoped UI library from StenaIT org; name similarity to 'cors' is coincidental, not a typosquat. | ai |
Versions (showing 49 of 49)
| Version | Deps | Published |
|---|---|---|
| 23.18.0 | 3 / 13 | |
| 23.17.3 | 3 / 13 | |
| 23.17.2 | 3 / 13 | |
| 23.17.1 | 3 / 13 | |
| 23.17.0 | 3 / 13 | |
| 23.16.3 | 3 / 13 | |
| 23.16.2 | 3 / 13 | |
| 23.16.1 | 3 / 13 | |
| 23.16.0 | 3 / 13 | |
| 23.15.3 | 3 / 13 | |
| 23.15.2 | 3 / 13 | |
| 23.15.1 | 3 / 13 | |
| 23.15.0 | 3 / 13 | |
| 23.14.0 | 3 / 13 | |
| 23.13.3 | 3 / 13 | |
| 23.13.2 | 3 / 13 | |
| 23.13.1 | 3 / 13 | |
| 23.13.0 | 3 / 13 | |
| 23.12.11 | 3 / 13 | |
| 23.12.10 | 3 / 13 | |
| 23.12.9 | 3 / 13 | |
| 23.12.8 | 3 / 13 | |
| 23.12.7 | 3 / 13 | |
| 23.12.6 | 3 / 13 | |
| 23.12.5 | 3 / 13 | |
| 23.12.4 | 3 / 13 | |
| 23.12.3 | 3 / 13 | |
| 23.12.2 | 3 / 13 | |
| 23.12.1 | 3 / 13 | |
| 23.12.0 | 3 / 13 | |
| 23.11.3 | 3 / 13 | |
| 23.11.2 | 3 / 13 | |
| 23.11.1 | 3 / 13 | |
| 23.11.0 | 3 / 13 | |
| 23.10.0 | 3 / 13 | |
| 23.9.0 | 3 / 13 | |
| 23.8.1 | 3 / 13 | |
| 23.8.0 | 3 / 13 | |
| 23.7.1 | 3 / 13 | |
| 23.7.0 | 3 / 13 | |
| 23.6.0 | 3 / 13 | |
| 23.5.1 | 3 / 13 | |
| 23.5.0 | 3 / 13 | |
| 23.4.0 | 3 / 13 | |
| 23.3.1 | 3 / 13 | |
| 23.3.0 | 3 / 13 | |
| 23.2.0 | 3 / 13 | |
| 23.1.0 | 3 / 13 | |
| 23.0.0 | 3 / 13 |
v23.18.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v23.17.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v23.17.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v23.17.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v23.17.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v23.16.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v23.16.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v23.16.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v23.16.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v23.15.3
2 findingsPackage name '@stenajs-webui/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v23.15.2
2 findingsPackage name '@stenajs-webui/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v23.15.1
2 findingsPackage name '@stenajs-webui/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v23.15.0
2 findingsPackage name '@stenajs-webui/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v23.14.0
2 findingsPackage name '@stenajs-webui/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v23.13.3
2 findingsPackage name '@stenajs-webui/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v23.13.2
2 findingsPackage name '@stenajs-webui/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v23.13.1
2 findingsPackage name '@stenajs-webui/core' is 1 edit(s) away from popular package 'cors'.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v23.13.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v23.12.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v23.12.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v23.12.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v23.12.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v23.12.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v23.12.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v23.12.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v23.12.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v23.12.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v23.12.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v23.12.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v23.12.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v23.11.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v23.11.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v23.11.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v23.11.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v23.10.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v23.9.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v23.8.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v23.8.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v23.7.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v23.7.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v23.6.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v23.5.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v23.5.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v23.4.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v23.3.1
2 findingsThis version was published by a different npm account than previous versions on 2025-10-31. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v23.3.0
2 findingsThis version was published by a different npm account than previous versions on 2025-10-31. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v23.2.0
2 findingsThis version was published by a different npm account than previous versions on 2025-10-29. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v23.1.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v23.0.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.