← Home

@telnyx/ai-agent-widget

npm

A widget for Telnyx AI Agent

42
Versions
MIT
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

team-telnyxfrontend-squad-telnyxdanilo-telnyxlucasassisrosarudra-telnyxisaad3v

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
phantom-deps phantom-dep:@telnyx/webrtc AI (phantom-deps): Same org scope; likely bundled or used indirectly via build config rather than direct import. ai
maintainer-change maintainer-added AI (maintainer-change): New maintainers are within the Telnyx org; consistent with normal team growth for this package. ai
dependencies unvetted-dep:audiomotion-analyzer AI (dependencies): audiomotion-analyzer is a legitimate, established audio visualization library; stable addition for this package. ai
bogus-package bogus-package AI (bogus-package): Telnyx org package; missing repo/keywords typical of embedded widget, not spam. ai
phantom-deps phantom-dep:loglevel AI (phantom-deps): Bundled widget; deps consumed at build time, not imported as ESM — stable false positive. ai
phantom-deps phantom-dep:lucide-preact AI (phantom-deps): Bundled widget; deps consumed at build time, not imported as ESM — stable false positive. ai
phantom-deps phantom-dep:@fontsource/inter AI (phantom-deps): Bundled widget; deps consumed at build time, not imported as ESM — stable false positive. ai
phantom-deps phantom-dep:clsx AI (phantom-deps): Bundled widget; deps consumed at build time, not imported as ESM — stable false positive. ai
phantom-deps phantom-dep:audiomotion-analyzer AI (phantom-deps): Bundled widget; deps consumed at build time, not imported as ESM — stable false positive. ai
phantom-deps phantom-dep:preact-custom-element AI (phantom-deps): Bundled widget; deps consumed at build time, not imported as ESM — stable false positive. ai
phantom-deps phantom-dep:@telnyx/ai-agent-lib AI (phantom-deps): Same org dep bundled at build time — stable false positive. ai
phantom-deps phantom-dep:jotai AI (phantom-deps): Bundled widget; deps consumed at build time, not imported as ESM — stable false positive. ai
phantom-deps phantom-dep:motion AI (phantom-deps): Bundled widget; deps consumed at build time, not imported as ESM — stable false positive. ai
phantom-deps phantom-dep:preact AI (phantom-deps): Bundled widget; deps consumed at build time, not imported as ESM — stable false positive. ai

Versions (showing 42 of 42)

Version Deps Published
0.33.7 10 / 22
0.33.6 10 / 22
0.33.5 10 / 22
0.33.4 10 / 22
0.33.3 10 / 21
0.33.1 10 / 21
0.33.0 10 / 21
0.32.4 10 / 21
0.32.2 10 / 21
0.32.1 10 / 21
0.31.3 10 / 21
0.31.2 10 / 21
0.31.1 10 / 21
0.31.0 10 / 22
0.30.0 10 / 22
0.29.0 10 / 22
0.28.0 10 / 22
0.27.0 10 / 22
0.26.0 10 / 22
0.25.0 9 / 22
0.23.0 9 / 21
0.22.0 9 / 21
0.21.0 9 / 21
0.19.0 9 / 21
0.18.0 9 / 21
0.17.0 9 / 21
0.16.0 9 / 21
0.15.0 9 / 21
0.14.0 9 / 21
0.13.0 9 / 21
0.12.0 9 / 21
0.11.0 9 / 21
0.10.0 9 / 21
0.9.0 9 / 21
0.8.0 9 / 21
0.7.0 9 / 21
0.6.0 9 / 21
0.5.0 9 / 21
0.4.0 6 / 21
0.3.0 5 / 21
0.2.0 5 / 21
0.1.0 5 / 21

v0.33.7

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.33.6

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.33.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.33.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.33.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.33.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.33.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.32.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.32.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.32.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.31.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.31.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.31.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.31.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.30.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.29.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.28.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.27.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.26.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.25.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.23.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.22.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.21.0

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: frontend-squad-telnyx → team-telnyx (on 2025-11-06, known maintainer) provenance

This version was published by a different npm account (team-telnyx) than the most recent previously approved version (frontend-squad-telnyx) on 2025-11-06, but team-telnyx is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.

v0.19.0

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: frontend-squad-telnyx → team-telnyx (on 2025-11-03, known maintainer) provenance

This version was published by a different npm account (team-telnyx) than the most recent previously approved version (frontend-squad-telnyx) on 2025-11-03, but team-telnyx is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.

v0.18.0

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: frontend-squad-telnyx → team-telnyx (on 2025-10-28, known maintainer) provenance

This version was published by a different npm account (team-telnyx) than the most recent previously approved version (frontend-squad-telnyx) on 2025-10-28, but team-telnyx is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.

v0.17.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.16.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.15.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.14.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.13.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.12.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.11.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.10.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.9.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.8.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.7.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.6.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.5.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.4.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.