@things-factory/board-ui

Consists of a board modeller to design dashboards, a board player to play dashboards and a board viewer to view dashboards.

Versions: 10
License: MIT
Install Scripts: No
Provenance: Missing

Supply chain provenance

Status for the latest visible version.

No SLSA provenance; npm registry signatures; gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

woo_ramjyp220heartyohhorwengliang95nalshya113shortstopyoungwookwengliang95

Accepted risks

Findings the reviewer chose to accept rather than block on.

| Source | Rule | Reason | Accepted by | When |
| --- | --- | --- | --- | --- |
| phantom-deps | phantom-dep:@operato/popup | AI (phantom-deps): Config-referenced dep in this web component package; stable false positive. | ai | |
| phantom-deps | phantom-dep:@polymer/paper-listbox | AI (phantom-deps): Polymer web component; loaded via config/HTML, not direct JS import. | ai | |
| phantom-deps | phantom-dep:@polymer/paper-icon-button | AI (phantom-deps): Polymer web component; loaded via config/HTML, not direct JS import. | ai | |
| phantom-deps | phantom-dep:@polymer/paper-dropdown-menu | AI (phantom-deps): Polymer web component; loaded via config/HTML, not direct JS import. | ai | |
| phantom-deps | phantom-dep:@things-factory/modeller-ui | AI (phantom-deps): Same-org sibling package; phantom-dep heuristic unreliable for monorepo peers. | ai | |
| phantom-deps | phantom-dep:@polymer/paper-menu-button | AI (phantom-deps): Polymer web component; loaded via config/HTML, not direct JS import. | ai | |
| semgrep | semgrep:dynamic-require | AI (semgrep): Migration-loader pattern: iterates migration files in a directory and requires each — standard TypeORM migration index pattern. | ai | |
| phantom-deps | phantom-dep:file-saver | AI (phantom-deps): Web component deps often referenced via config/HTML imports rather than direct JS imports; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:sortablejs | AI (phantom-deps): Same as above — config-referenced dep, not a direct JS import. | ai | |
| phantom-deps | phantom-dep:@polymer/iron-icon | AI (phantom-deps): Polymer web component; loaded via config/HTML, not direct JS import. | ai | |
| phantom-deps | phantom-dep:@polymer/iron-icons | AI (phantom-deps): Polymer web component; loaded via config/HTML, not direct JS import. | ai | |
| phantom-deps | phantom-dep:@polymer/paper-item | AI (phantom-deps): Polymer web component; loaded via config/HTML, not direct JS import. | ai | |
| phantom-deps | phantom-dep:@polymer/paper-button | AI (phantom-deps): Polymer web component; loaded via config/HTML, not direct JS import. | ai | |
| phantom-deps | phantom-dep:@polymer/paper-slider | AI (phantom-deps): Polymer web component; loaded via config/HTML, not direct JS import. | ai | |
| phantom-deps | phantom-dep:@operato/app | AI (phantom-deps): Config-file-only reference in a monorepo component; stable false positive. | ai | |
| phantom-deps | phantom-dep:@operato/help | AI (phantom-deps): Config-file-only reference in a monorepo component; stable false positive. | ai | |
| phantom-deps | phantom-dep:@things-factory/barcode-base | AI (phantom-deps): Same-org sibling dep; phantom-dep heuristic unreliable for monorepo packages. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Monorepo UI component; empty server entry and sparse README are structural, not spam indicators. | ai | |

Versions (showing 10 of 10)

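| Version | Deps | Published |
| --- | --- | --- |
| 9.2.19 | 19 / 0 | |
| 8.0.74 | 18 / 0 | |
| 8.0.73 | 18 / 0 | |
| 8.0.64 | 18 / 0 | |
| 8.0.63 | 18 / 0 | |
| 6.4.11 | 19 / 0 | |
| 6.4.8 | 19 / 0 | |
| 4.3.729 | 21 / 0 | |
| 4.3.727 | 21 / 0 | |
| 4.3.705 | 21 / 0 | |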

v8.0.74

1 finding
LOW: No provenance attestation [provenance]

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v8.0.73

1 finding
LOW: No provenance attestation [provenance]

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v8.0.64

1 finding
LOW: No provenance attestation [provenance]

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v8.0.63

1 finding
LOW: No provenance attestation [provenance]

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v6.4.11

1 finding
LOW: No provenance attestation [provenance]

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v6.4.8

1 finding
LOW: No provenance attestation [provenance]

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.3.729

1 finding
LOW: No provenance attestation [provenance]

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.3.727

1 finding
LOW: No provenance attestation [provenance]

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.3.705

1 finding
LOW: No provenance attestation [provenance]

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.