@tarojs/plugin-platform-harmony-cpp

HarmonyOS platform plugin, C-API version

Versions: 13
License: MIT
Install Scripts: No
Provenance: Missing

Supply chain provenance

Status for the latest visible version.

No SLSA provenance | npm registry signatures | No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

yuchexuanzebindefaultleedrchankyjoqq592743779advancedcatbaosiqingzakaryliuzejiavasily.cjjhardenzheng2

Keywords

taro, harmony

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
phantom-deps | phantom-dep:@tarojs/parse-css-to-stylesheet | AI (phantom-deps): Same-org package; stable for this plugin. | ai |
phantom-deps | phantom-dep:@rollup/plugin-commonjs | AI (phantom-deps): Rollup plugin loaded by convention. | ai |
phantom-deps | phantom-dep:@types/react-reconciler | AI (phantom-deps): Framework-scoped type package loaded by convention. | ai |
phantom-deps | phantom-dep:@rollup/plugin-node-resolve | AI (phantom-deps): Rollup plugin loaded by convention. | ai |
phantom-deps | phantom-dep:rollup-plugin-node-externals | AI (phantom-deps): Rollup plugin referenced in config files. | ai |
phantom-deps | phantom-dep:rollup | AI (phantom-deps): Build tool plugin; rollup referenced in config files as expected. | ai |
phantom-deps | phantom-dep:fast-glob | AI (phantom-deps): Build tool dependency; referenced in config files. | ai |
phantom-deps | phantom-dep:@babel/core | AI (phantom-deps): Framework-scoped package loaded by convention in build tools. | ai |
phantom-deps | phantom-dep:@types/react | AI (phantom-deps): Framework-scoped type package loaded by convention. | ai |
phantom-deps | phantom-dep:@tarojs/service | AI (phantom-deps): Same-org package; stable for this plugin. | ai |
phantom-deps | phantom-dep:react-reconciler | AI (phantom-deps): Build tool dependency; referenced in config files. | ai |
phantom-deps | phantom-dep:rollup-plugin-ts | AI (phantom-deps): Rollup plugin referenced in config files. | ai |
phantom-deps | phantom-dep:@babel/preset-env | AI (phantom-deps): Framework-scoped package loaded by convention. | ai |
phantom-deps | phantom-dep:rollup-plugin-dts | AI (phantom-deps): Rollup plugin referenced in config files. | ai |
phantom-deps | phantom-dep:@rollup/plugin-json | AI (phantom-deps): Rollup plugin loaded by convention. | ai |
phantom-deps | phantom-dep:@rollup/plugin-alias | AI (phantom-deps): Rollup plugin loaded by convention. | ai |
phantom-deps | phantom-dep:@rollup/plugin-replace | AI (phantom-deps): Rollup plugin loaded by convention. | ai |
phantom-deps | phantom-dep:scheduler | AI (phantom-deps): React ecosystem peer; stable false positive for this Taro plugin. | ai |
phantom-deps | phantom-dep:@tarojs/react | AI (phantom-deps): Same-org sibling dep; phantom-dep heuristic false positive for monorepo package. | ai |
phantom-deps | phantom-dep:@tarojs/runner-utils | AI (phantom-deps): Same-org sibling dep; phantom-dep heuristic false positive for monorepo package. | ai |
phantom-deps | phantom-dep:react-dom | AI (phantom-deps): Declared as runtime dep for Harmony React renderer; phantom-dep heuristic false positive for this package. | ai |

Versions (showing 13 of 13)

Version Deps Published
4.2.0 11 / 27
4.1.11 11 / 27
4.1.10 11 / 27
4.1.9 11 / 27
4.1.8 11 / 28
4.1.7 11 / 28
4.1.6 11 / 28
4.1.5 11 / 28
4.1.4 20 / 23
4.1.3 16 / 25
4.1.2 22 / 21
4.1.1 22 / 21
4.1.0 22 / 21

v4.2.0

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.1.11

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.1.10

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.1.9

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.1.8

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.1.7

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.1.6

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.1.5

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.1.4

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.1.3

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.1.2

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.1.1

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.1.0

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.