@tellescope/react-components
Shared UI components designed with support for React and React Native in mind. To be used across Tellescope web apps and open-sourced modules.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:nodemon | AI (phantom-deps): Dev tooling; not imported at runtime. Stable false positive. | ai | |
| phantom-deps | phantom-dep:eslint | AI (phantom-deps): Dev/config-only tool; not a runtime import, stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:eslint-plugin-react | AI (phantom-deps): Dev/config-only tool; not a runtime import, stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@typescript-eslint/parser | AI (phantom-deps): Dev/config-only tool; not a runtime import, stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@typescript-eslint/eslint-plugin | AI (phantom-deps): Dev/config-only tool; not a runtime import, stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:react-native-render-html | AI (phantom-deps): Platform-specific React Native dep; not imported in web bundle by design. | ai | |
| phantom-deps | phantom-dep:react-native-vector-icons | AI (phantom-deps): Platform-specific React Native dep; not imported in web bundle by design. | ai |
Versions (showing 12 of 12)
| Version | Deps | Published |
|---|---|---|
| 1.251.0 | 34 / 14 | |
| 1.249.1 | 33 / 14 | |
| 1.248.0 | 33 / 14 | |
| 1.228.0 | 36 / 10 | |
| 1.225.0 | 36 / 10 | |
| 1.217.0 | 36 / 10 | |
| 1.215.0 | 36 / 10 | |
| 1.212.0 | 36 / 10 | |
| 1.211.0 | 37 / 10 | |
| 1.208.0 | 37 / 10 | |
| 1.204.2 | 37 / 10 | |
| 1.199.0 | 37 / 10 |
v1.251.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.249.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.248.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.228.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.225.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.217.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.215.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.212.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.211.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.208.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.204.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.199.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.