@taiga-ui/jest-config
Taiga UI jest config
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:dynamic-require | AI (semgrep): Resolves a fixed local path './jest.config.js'; not arbitrary module loading. | ai | |
| phantom-deps | phantom-dep:jest | AI (phantom-deps): jest is a peer/framework dep declared for consumers; stable false positive for this config package. | ai | |
| phantom-deps | phantom-dep:@types/jest | AI (phantom-deps): Type-only framework dep loaded by convention; stable false positive for this config package. | ai | |
| provenance | publisher-changed | AI (provenance): New publisher splincode is a listed contributor in package.json; consistent with internal team handoff in taiga-family org. | ai |
Versions (showing 51 of 200)
| Version | Deps | Published |
|---|---|---|
| 0.537.0 | 0 / 0 | |
| 0.536.0 | 0 / 0 | |
| 0.535.0 | 0 / 0 | |
| 0.534.0 | 0 / 0 | |
| 0.533.0 | 0 / 0 | |
| 0.532.0 | 0 / 0 | |
| 0.531.0 | 0 / 0 | |
| 0.530.0 | 0 / 0 | |
| 0.529.0 | 0 / 0 | |
| 0.528.0 | 0 / 0 | |
| 0.527.0 | 0 / 0 | |
| 0.526.0 | 0 / 0 | |
| 0.525.0 | 0 / 0 | |
| 0.524.0 | 0 / 0 | |
| 0.523.0 | 0 / 0 | |
| 0.522.0 | 0 / 0 | |
| 0.521.0 | 0 / 0 | |
| 0.520.0 | 0 / 0 | |
| 0.519.0 | 0 / 0 | |
| 0.518.0 | 0 / 0 | |
| 0.517.0 | 0 / 0 | |
| 0.516.0 | 0 / 0 | |
| 0.515.0 | 0 / 0 | |
| 0.514.0 | 0 / 0 | |
| 0.513.0 | 0 / 0 | |
| 0.512.0 | 0 / 0 | |
| 0.511.0 | 0 / 0 | |
| 0.510.0 | 0 / 0 | |
| 0.509.0 | 0 / 0 | |
| 0.508.0 | 0 / 0 | |
| 0.507.0 | 0 / 0 | |
| 0.506.0 | 0 / 0 | |
| 0.505.0 | 0 / 0 | |
| 0.504.0 | 0 / 0 | |
| 0.503.0 | 0 / 0 | |
| 0.502.0 | 0 / 0 | |
| 0.501.0 | 0 / 0 | |
| 0.500.0 | 0 / 0 | |
| 0.499.0 | 0 / 0 | |
| 0.498.0 | 0 / 0 | |
| 0.497.0 | 0 / 0 | |
| 0.496.0 | 0 / 0 | |
| 0.495.0 | 0 / 0 | |
| 0.494.0 | 0 / 0 | |
| 0.493.0 | 0 / 0 | |
| 0.492.0 | 0 / 0 | |
| 0.491.0 | 0 / 0 | |
| 0.490.0 | 0 / 0 | |
| 0.489.0 | 0 / 0 | |
| 0.488.0 | 0 / 0 | |
| 0.487.0 | 0 / 0 |
v0.537.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.536.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.535.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.534.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.533.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.532.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.531.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.530.0
2 findingsPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (nsbarsukov) than the most recent previously approved version (vladimir.potekhin) on 2026-05-22, but nsbarsukov is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.529.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.528.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.527.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.526.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.525.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.524.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.523.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.522.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.521.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.520.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.519.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.518.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.517.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.516.0
2 findingsPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-05-10. This could indicate a legitimate maintainer transition or an account compromise.
v0.515.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.514.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.513.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.512.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.511.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.510.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.509.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.508.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.507.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.506.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.505.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.504.0
2 findingsPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-05-05. This could indicate a legitimate maintainer transition or an account compromise.
v0.503.0
2 findingsPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-05-04. This could indicate a legitimate maintainer transition or an account compromise.
v0.502.0
2 findingsPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-05-04. This could indicate a legitimate maintainer transition or an account compromise.
v0.501.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.500.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.499.0
2 findingsThis version was published by a different npm account than previous versions on 2026-05-03. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.498.0
2 findingsThis version was published by a different npm account than previous versions on 2026-05-03. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.497.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.496.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.495.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.494.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.493.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.492.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.491.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.488.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.487.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.