@tailor-platform/app-shell
An opinionated React application framework for building ERP applications on Tailor Platform
Supply chain provenance
Status for the latest visible version.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@tailor-platform/auth-public-client | AI (dependencies): First-party @tailor-platform scoped package; same publisher org, stable pattern across versions. | ai | |
| phantom-deps | phantom-dep:@radix-ui/react-collapsible | AI (phantom-deps): Component library shell; deps declared for consumers, referenced in config not direct imports. | ai | |
| phantom-deps | phantom-dep:@radix-ui/react-navigation-menu | AI (phantom-deps): Same as above — bundled Radix UI component. | ai | |
| phantom-deps | phantom-dep:@radix-ui/react-dropdown-menu | AI (phantom-deps): Same as above — bundled Radix UI component. | ai | |
| phantom-deps | phantom-dep:@hookform/resolvers | AI (phantom-deps): Config-file re-export pattern; stable for this component library. | ai | |
| phantom-deps | phantom-dep:@radix-ui/react-popover | AI (phantom-deps): Config-file re-export pattern; stable for this component library. | ai | |
| phantom-deps | phantom-dep:@radix-ui/react-tooltip | AI (phantom-deps): Config-file re-export pattern; stable for this component library. | ai | |
| phantom-deps | phantom-dep:@radix-ui/react-checkbox | AI (phantom-deps): Config-file re-export pattern; stable for this component library. | ai | |
| phantom-deps | phantom-dep:class-variance-authority | AI (phantom-deps): Config-file re-export pattern; stable for this component library. | ai | |
| phantom-deps | phantom-dep:@badgateway/oauth2-client | AI (phantom-deps): Config-file re-export pattern; stable for this component library. | ai | |
| phantom-deps | phantom-dep:@radix-ui/react-separator | AI (phantom-deps): Config-file re-export pattern; stable for this component library. | ai | |
| phantom-deps | phantom-dep:clsx | AI (phantom-deps): Config-file re-export pattern; stable for this component library. | ai | |
| phantom-deps | phantom-dep:urql | AI (phantom-deps): Config-file re-export pattern; stable for this component library. | ai | |
| phantom-deps | phantom-dep:sonner | AI (phantom-deps): Config-file re-export pattern; stable for this component library. | ai | |
| phantom-deps | phantom-dep:@urql/core | AI (phantom-deps): Config-file re-export pattern; stable for this component library. | ai | |
| phantom-deps | phantom-dep:change-case | AI (phantom-deps): Config-file re-export pattern; stable for this component library. | ai | |
| phantom-deps | phantom-dep:lucide-react | AI (phantom-deps): Config-file re-export pattern; stable for this component library. | ai | |
| phantom-deps | phantom-dep:oauth4webapi | AI (phantom-deps): Config-file re-export pattern; stable for this component library. | ai | |
| phantom-deps | phantom-dep:tailwind-merge | AI (phantom-deps): Config-file re-export pattern; stable for this component library. | ai | |
| phantom-deps | phantom-dep:@urql/exchange-auth | AI (phantom-deps): Config-file re-export pattern; stable for this component library. | ai | |
| phantom-deps | phantom-dep:@radix-ui/react-slot | AI (phantom-deps): Config-file re-export pattern; stable for this component library. | ai | |
| phantom-deps | phantom-dep:@radix-ui/react-label | AI (phantom-deps): Config-file re-export pattern; stable for this component library. | ai | |
| phantom-deps | phantom-dep:@radix-ui/react-dialog | AI (phantom-deps): Config-file re-export pattern; stable for this component library. | ai | |
| phantom-deps | phantom-dep:@radix-ui/react-select | AI (phantom-deps): Config-file re-export pattern; stable for this component library. | ai | |
| phantom-deps | phantom-dep:@tanstack/react-table | AI (phantom-deps): Component library pattern; declared as runtime dep and used via config/re-export, not a phantom. | ai | |
| phantom-deps | phantom-dep:next-themes | AI (phantom-deps): Component library re-exports/wraps peer deps; not directly imported in source but legitimately bundled. | ai | |
| phantom-deps | phantom-dep:graphql | AI (phantom-deps): Listed as runtime dep in package.json; used via config/indirect imports in this framework package. | ai | |
| phantom-deps | phantom-dep:es-toolkit | AI (phantom-deps): Listed as runtime dep; indirect/config usage is normal for a bundled framework. | ai | |
| phantom-deps | phantom-dep:react-dom | AI (phantom-deps): Listed as runtime dep and peer dep; referenced in config files as expected for a React framework. | ai | |
| phantom-deps | phantom-dep:react-hook-form | AI (phantom-deps): Listed as runtime dep; indirect/config usage is normal for a bundled framework. | ai | |
Versions (showing 34 of 34)
| Version | Deps | Published |
|---|---|---|
| 1.3.0 | 16 / 21 | |
| 1.2.0 | 18 / 19 | |
| 1.1.1 | 18 / 19 | |
| 1.1.0 | 18 / 19 | |
| 1.0.2 | 19 / 19 | |
| 1.0.1 | 19 / 19 | |
| 0.36.0 | 20 / 19 | |
| 0.35.1 | 20 / 19 | |
| 0.35.0 | 20 / 19 | |
| 0.33.0 | 17 / 17 | |
| 0.32.0 | 17 / 17 | |
| 0.31.1 | 17 / 17 | |
| 0.31.0 | 17 / 17 | |
| 0.30.0 | 17 / 17 | |
| 0.29.0 | 17 / 17 | |
| 0.28.0 | 17 / 17 | |
| 0.27.3 | 18 / 17 | |
| 0.27.2 | 18 / 17 | |
| 0.27.1 | 18 / 22 | |
| 0.27.0 | 27 / 22 | |
| 0.26.3 | 26 / 23 | |
| 0.26.2 | 26 / 18 | |
| 0.26.1 | 26 / 18 | |
| 0.26.0 | 26 / 18 | |
| 0.23.0 | 26 / 18 | |
| 0.22.0 | 28 / 18 | |
| 0.21.0 | 28 / 18 | |
| 0.20.0 | 28 / 18 | |
| 0.17.0 | 29 / 15 | |
| 0.16.0 | 29 / 15 | |
| 0.15.0 | 29 / 15 | |
| 0.14.1 | 29 / 15 | |
| 0.14.0 | 30 / 15 | |
| 0.13.0 | 30 / 15 | |
v1.3.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.2.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.1
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.31.1
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.31.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.30.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.29.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.28.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.27.3
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.27.2
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.27.1
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.27.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.26.3
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.26.2
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.26.1
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.26.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.23.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.22.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.21.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.20.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.17.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.16.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.15.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.14.1
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.14.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.13.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.