@taiga-ui/stylelint-config
Taiga UI stylelint config
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:stylelint-plugin-use-baseline | AI (dependencies): Stylelint plugin used as a config dependency; no malicious indicators, stable pattern for this package. | ai | |
| provenance | no-provenance | AI (provenance): Established Taiga UI toolkit package; provenance not yet enabled but no other risk signals present. | ai | |
| phantom-deps | phantom-dep:postcss-less | AI (phantom-deps): Config-only package; deps referenced in config files, not JS imports. Expected pattern. | ai | |
| phantom-deps | phantom-dep:stylelint-order | AI (phantom-deps): Config-only package; deps referenced in config files, not JS imports. Expected pattern. | ai | |
| phantom-deps | phantom-dep:stylelint-rem-over-px | AI (phantom-deps): Config-only package; deps referenced in config files, not JS imports. Expected pattern. | ai | |
| phantom-deps | phantom-dep:stylelint-use-logical | AI (phantom-deps): Config-only package; deps referenced in config files, not JS imports. Expected pattern. | ai | |
| phantom-deps | phantom-dep:stylelint-config-standard | AI (phantom-deps): Config-only package; deps referenced in config files, not JS imports. Expected pattern. | ai | |
| phantom-deps | phantom-dep:@stylistic/stylelint-plugin | AI (phantom-deps): Config-only package; deps referenced in config files, not JS imports. Expected pattern. | ai | |
| phantom-deps | phantom-dep:stylelint-plugin-logical-css | AI (phantom-deps): Config-only package; deps referenced in config files, not JS imports. Expected pattern. | ai | |
| phantom-deps | phantom-dep:stylelint-plugin-use-baseline | AI (phantom-deps): Config-only package; deps referenced in config files, not JS imports. Expected pattern. | ai | |
| phantom-deps | phantom-dep:stylelint-no-unsupported-browser-features | AI (phantom-deps): Config-only package; deps referenced in config files, not JS imports. Expected pattern. | ai | |
| phantom-deps | phantom-dep:@stylistic/stylelint-config | AI (phantom-deps): Config-only package; deps referenced in config files, not JS imports. Expected pattern. | ai | |
| phantom-deps | phantom-dep:postcss | AI (phantom-deps): Config-only package; deps referenced in config files, not JS imports. Expected pattern. | ai | |
| provenance | publisher-changed | AI (provenance): splincode is a named contributor in package.json and has a clean track record; transition appears legitimate for this package. | ai |
Versions (showing 51 of 265)
| Version | Deps | Published |
|---|---|---|
| 0.540.0 | 13 / 0 | |
| 0.539.0 | 13 / 0 | |
| 0.538.0 | 13 / 0 | |
| 0.537.0 | 13 / 0 | |
| 0.536.0 | 13 / 0 | |
| 0.535.0 | 13 / 0 | |
| 0.534.0 | 13 / 0 | |
| 0.533.0 | 13 / 0 | |
| 0.532.0 | 13 / 0 | |
| 0.531.0 | 13 / 0 | |
| 0.530.0 | 13 / 0 | |
| 0.529.0 | 13 / 0 | |
| 0.528.0 | 13 / 0 | |
| 0.527.0 | 13 / 0 | |
| 0.526.0 | 13 / 0 | |
| 0.525.0 | 13 / 0 | |
| 0.524.0 | 13 / 0 | |
| 0.523.0 | 13 / 0 | |
| 0.522.0 | 13 / 0 | |
| 0.521.0 | 13 / 0 | |
| 0.520.0 | 0 / 0 | |
| 0.519.0 | 0 / 0 | |
| 0.518.0 | 0 / 0 | |
| 0.517.0 | 0 / 0 | |
| 0.516.0 | 0 / 0 | |
| 0.515.0 | 0 / 0 | |
| 0.514.0 | 0 / 0 | |
| 0.513.0 | 0 / 0 | |
| 0.512.0 | 0 / 0 | |
| 0.511.0 | 0 / 0 | |
| 0.510.0 | 0 / 0 | |
| 0.509.0 | 0 / 0 | |
| 0.508.0 | 0 / 0 | |
| 0.507.0 | 0 / 0 | |
| 0.506.0 | 0 / 0 | |
| 0.505.0 | 0 / 0 | |
| 0.504.0 | 0 / 0 | |
| 0.503.0 | 0 / 0 | |
| 0.502.0 | 0 / 0 | |
| 0.501.0 | 0 / 0 | |
| 0.500.0 | 0 / 0 | |
| 0.499.0 | 0 / 0 | |
| 0.498.0 | 0 / 0 | |
| 0.497.0 | 0 / 0 | |
| 0.496.0 | 0 / 0 | |
| 0.495.0 | 0 / 0 | |
| 0.494.0 | 0 / 0 | |
| 0.493.0 | 0 / 0 | |
| 0.492.0 | 0 / 0 | |
| 0.491.0 | 0 / 0 | |
| 0.490.0 | 0 / 0 |
v0.540.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.539.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.538.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.537.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.536.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.535.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.534.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.533.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.532.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.531.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.530.0
2 findings[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (nsbarsukov) than the most recent previously approved version (vladimir.potekhin) on 2026-05-22, but nsbarsukov is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.529.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.528.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.527.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.526.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.525.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.524.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.523.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.522.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.521.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.520.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.519.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.518.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.517.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.516.0
2 findingsPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-05-10. This could indicate a legitimate maintainer transition or an account compromise.
v0.515.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.514.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.513.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.512.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.511.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.510.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.509.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.508.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.507.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.506.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.505.0
2 findingsPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-05-05. This could indicate a legitimate maintainer transition or an account compromise.
v0.504.0
2 findingsPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-05-05. This could indicate a legitimate maintainer transition or an account compromise.
v0.503.0
2 findingsPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-05-04. This could indicate a legitimate maintainer transition or an account compromise.
v0.502.0
2 findingsPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-05-04. This could indicate a legitimate maintainer transition or an account compromise.
v0.501.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.500.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.499.0
2 findingsThis version was published by a different npm account than previous versions on 2026-05-03. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.498.0
2 findingsThis version was published by a different npm account than previous versions on 2026-05-03. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.497.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.496.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.495.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.494.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.493.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.492.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.491.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.