@tenancy.nz/ui
Library of React UI components for tenancy.co.nz apps.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:react-image-crop | AI (phantom-deps): Component dep used in build artifacts; false positive. | ai | |
| phantom-deps | phantom-dep:react-dom | AI (phantom-deps): Standard peer dep for React component library; not directly imported in source. | ai | |
| phantom-deps | phantom-dep:@mui/material | AI (phantom-deps): MUI component library dep used in distributed build artifacts; phantom-dep is a false positive here. | ai | |
| phantom-deps | phantom-dep:@mui/x-date-pickers | AI (phantom-deps): MUI date pickers dep used in distributed build artifacts; false positive. | ai | |
| phantom-deps | phantom-dep:dayjs | AI (phantom-deps): Date utility used in distributed build artifacts; false positive for this component library. | ai | |
| phantom-deps | phantom-dep:mime | AI (phantom-deps): Utility dep used in build artifacts; false positive. | ai | |
| phantom-deps | phantom-dep:prop-types | AI (phantom-deps): Standard React prop-types dep; false positive for component library. | ai | |
| phantom-deps | phantom-dep:react-uuid | AI (phantom-deps): Utility dep used in build artifacts; false positive. | ai | |
| phantom-deps | phantom-dep:react-dropzone | AI (phantom-deps): Component dep used in build artifacts; false positive. | ai | |
| phantom-deps | phantom-dep:react | AI (phantom-deps): React component library; react is a peer dep used in build artifacts, not directly imported in source. | ai | |
| typosquat | typosquat.levenshtein:pg | AI (typosquat): Same false positive pattern — scoped package name not a typosquat of 'pg'. | ai | |
| typosquat | typosquat.levenshtein:qs | AI (typosquat): Same false positive pattern — scoped package name not a typosquat of 'qs'. | ai | |
| typosquat | typosquat.levenshtein:joi | AI (typosquat): Same false positive pattern — scoped package name not a typosquat of 'joi'. | ai | |
| typosquat | typosquat.levenshtein:yup | AI (typosquat): Same false positive pattern — scoped package name not a typosquat of 'yup'. | ai | |
| phantom-deps | phantom-dep:jss | AI (phantom-deps): jss is a declared runtime dep used via config files; phantom-dep heuristic fires but it's a stable false positive for this UI library. | ai | |
| phantom-deps | phantom-dep:libphonenumber-js | AI (phantom-deps): libphonenumber-js declared as runtime dep; config-file-only reference is a known heuristic limitation. | ai | |
| phantom-deps | phantom-dep:react-file-viewer | AI (phantom-deps): react-file-viewer declared as runtime dep; phantom-dep heuristic fires on config-only reference, stable false positive. | ai | |
| typosquat | typosquat.levenshtein:uuid | AI (typosquat): Scoped package @tenancy.nz/ui; Levenshtein match to 'uuid' is a false positive for any scoped package with short name. | ai |
Versions (showing 51 of 80)
| Version | Deps | Published |
|---|---|---|
| 1.7.4 | 8 / 0 | |
| 1.7.3 | 8 / 0 | |
| 1.7.2 | 8 / 0 | |
| 1.7.1 | 8 / 0 | |
| 1.7.0 | 8 / 0 | |
| 1.6.7 | 8 / 0 | |
| 1.6.6 | 8 / 0 | |
| 1.6.5 | 8 / 0 | |
| 1.6.4 | 8 / 0 | |
| 1.6.3 | 8 / 0 | |
| 1.6.2 | 8 / 0 | |
| 1.6.1 | 8 / 0 | |
| 1.6.0 | 8 / 0 | |
| 1.5.9 | 8 / 0 | |
| 1.5.8 | 8 / 0 | |
| 1.5.7 | 8 / 0 | |
| 1.5.6 | 8 / 0 | |
| 1.5.5 | 8 / 0 | |
| 1.5.4 | 8 / 0 | |
| 1.5.3 | 8 / 0 | |
| 1.5.2 | 8 / 0 | |
| 1.5.1 | 8 / 0 | |
| 1.5.0 | 8 / 0 | |
| 1.4.11 | 8 / 0 | |
| 1.4.10 | 8 / 0 | |
| 1.4.9 | 8 / 0 | |
| 1.4.8 | 8 / 0 | |
| 1.4.7 | 8 / 0 | |
| 1.4.6 | 8 / 0 | |
| 1.4.5 | 8 / 0 | |
| 1.4.4 | 8 / 0 | |
| 1.4.3 | 8 / 0 | |
| 1.4.2 | 8 / 0 | |
| 1.4.1 | 8 / 0 | |
| 1.4.0 | 8 / 0 | |
| 1.3.10 | 8 / 0 | |
| 1.3.9 | 8 / 0 | |
| 1.3.8 | 8 / 0 | |
| 1.3.7 | 8 / 0 | |
| 1.3.6 | 8 / 0 | |
| 1.3.4 | 8 / 0 | |
| 1.3.3 | 9 / 0 | |
| 1.3.2 | 9 / 0 | |
| 1.3.1 | 9 / 0 | |
| 1.3.0 | 9 / 0 | |
| 1.2.14 | 9 / 0 | |
| 1.2.12 | 9 / 0 | |
| 1.2.11 | 9 / 0 | |
| 1.2.10 | 9 / 0 | |
| 1.2.9 | 9 / 0 | |
| 1.2.8 | 9 / 0 |
v1.7.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.6.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.6.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.6.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.6.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.6.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.6.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.6.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.5.9
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.5.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.5.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.5.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.5.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.5.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.5.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.5.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.5.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.5.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.11
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.9
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.4.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.3.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.3.9
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.3.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.3.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.3.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.3.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.3.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.3.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.3.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.3.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.2.14
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.2.12
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.2.11
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.2.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.2.9
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.2.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.