@syncfusion/ej2-navigations

A package of Essential JS 2 navigation components such as Tree-view, Tab, Toolbar, Context-menu, and Accordion which is used to navigate from one page to another

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

syncfusionorgessentialjs2syncfusion-javascript

Keywords

ej2syncfusionweb-componentsjavascripttypescriptmodeltoolbarhorizontal-scrollribbonnavbarnavigation-bartoolbar-customizationscrollable-toolbartoolbar-popupmultirow-toolbarextended-toolbaroverflowcommand-buttonsaccordionpanelbarejTabtabtabStripscrollable-tabpopup-tabmultirow-tabheader-orientationclose-tabtab-wizardtab-with-menuejAccordionaccordionaccordion-wizardmultiple-open-panel-barmultiple-open-accordionpanel-barcollapsible-panel-barcontext-menucontext menucontextmenuej2 contextmenutreeviewtreeej2-treeviewtree structurehierarchical structuretree navigationtreeview-checkboxdrag and droptree editingload on demandaccordion treesidebardock sizeshowbackdroptargetpositiondockgesturessticky-sidebarfixedhamburgersidenavnavhamburger-menuside-menunavigation-barstickydrawerslidebarslideslide-panelmultiple-sidebarslide-navigationnavigation-drawerbreadcrumbbreadcrumb navigationbreadcrumb trailej2 breadcrumbnavigation linksnavigational aidprevious page navigationcurrent page hierarchycurrent page locationpath of urltrace page locationlist of breadcrumb links

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:@syncfusion/ej2-base	AI (dependencies): Sibling Syncfusion package at matching version; expected monorepo dependency pattern.	ai	2026/05/14
dependencies	unvetted-dep:@syncfusion/ej2-data	AI (dependencies): Sibling Syncfusion package at matching version; expected monorepo dependency pattern.	ai	2026/05/14
dependencies	unvetted-dep:@syncfusion/ej2-lists	AI (dependencies): Sibling Syncfusion package at matching version; expected monorepo dependency pattern.	ai	2026/05/14
dependencies	unvetted-dep:@syncfusion/ej2-inputs	AI (dependencies): Sibling Syncfusion package at matching version; expected monorepo dependency pattern.	ai	2026/05/14
dependencies	unvetted-dep:@syncfusion/ej2-popups	AI (dependencies): Sibling Syncfusion package at matching version; expected monorepo dependency pattern.	ai	2026/05/14
dependencies	unvetted-dep:@syncfusion/ej2-buttons	AI (dependencies): Sibling Syncfusion package at matching version; expected monorepo dependency pattern.	ai	2026/05/14
bogus-package	bogus-package	AI (bogus-package): Syncfusion's marketing-heavy READMEs with many links are a known pattern across their entire component suite, not phishing.	ai	2026/05/14