@suilend/sui-fe-next
A collection of TypeScript frontend components and hooks
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@sentry/nextjs | AI (dependencies): @sentry/nextjs is a well-known error monitoring library; no risk specific to this package. | ai | |
| provenance | no-provenance | AI (provenance): Package consistently published without provenance; common for this publisher/ecosystem. | ai | |
| dependencies | unvetted-dep:shio-sdk | AI (dependencies): DeFi SDK dependency consistent with Suilend's Sui ecosystem context; no malware indicators. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Internal ecosystem library; sparse README is expected for a component library targeting known consumers. | ai | |
| dependencies | unvetted-dep:launchdarkly-react-client-sdk | AI (dependencies): LaunchDarkly React SDK is a well-known, widely-used feature-flagging library; not a risk for this package. | ai | |
| phantom-deps | phantom-dep:@tanstack/react-query | AI (phantom-deps): Used in hooks/fetchers via re-exports; stable false positive. | ai | |
| phantom-deps | phantom-dep:react-dom | AI (phantom-deps): Re-exported peer dep; phantom-dep heuristic fires on config references, not a real missing import. | ai | |
| phantom-deps | phantom-dep:@walletconnect/universal-provider | AI (phantom-deps): Used in connector lib; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@reown/appkit | AI (phantom-deps): Declared runtime dep used via re-exports/config; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:tailwind-merge | AI (phantom-deps): Utility dep used in build output; phantom-dep heuristic is a false positive here. | ai | |
| phantom-deps | phantom-dep:@reown/appkit-common | AI (phantom-deps): Transitive dep used indirectly; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@wallet-standard/app | AI (phantom-deps): Wallet standard dep used via connector; stable false positive. | ai |
Versions (showing 37 of 37)
| Version | Deps | Published |
|---|---|---|
| 3.0.7 | 18 / 15 | |
| 3.0.6 | 18 / 15 | |
| 3.0.5 | 18 / 15 | |
| 3.0.4 | 18 / 15 | |
| 3.0.3 | 18 / 15 | |
| 3.0.2 | 18 / 15 | |
| 3.0.1 | 18 / 15 | |
| 3.0.0 | 18 / 15 | |
| 2.0.33 | 18 / 15 | |
| 2.0.32 | 18 / 15 | |
| 2.0.31 | 18 / 15 | |
| 2.0.30 | 18 / 15 | |
| 2.0.29 | 18 / 15 | |
| 2.0.28 | 16 / 15 | |
| 2.0.27 | 16 / 15 | |
| 2.0.26 | 16 / 15 | |
| 2.0.25 | 16 / 15 | |
| 2.0.24 | 16 / 15 | |
| 2.0.23 | 16 / 15 | |
| 2.0.22 | 16 / 15 | |
| 2.0.21 | 16 / 15 | |
| 2.0.20 | 16 / 15 | |
| 2.0.19 | 16 / 15 | |
| 2.0.18 | 16 / 15 | |
| 2.0.17 | 16 / 15 | |
| 2.0.16 | 16 / 15 | |
| 2.0.15 | 16 / 15 | |
| 2.0.14 | 15 / 15 | |
| 2.0.13 | 15 / 15 | |
| 2.0.12 | 16 / 15 | |
| 2.0.11 | 16 / 15 | |
| 2.0.10 | 16 / 15 | |
| 2.0.6 | 17 / 15 | |
| 2.0.4 | 17 / 15 | |
| 0.4.0 | 17 / 15 | |
| 0.1.83 | 16 / 15 | |
| 0.1.81 | 17 / 15 |
v3.0.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.33
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.32
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.31
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.30
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.29
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.28
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.27
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.26
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.25
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.24
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.23
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.22
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.21
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.20
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.19
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.18
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.17
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.16
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.15
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.14
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.13
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.11
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.4.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.83
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.81
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.