@times-components/ad
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| typosquat | typosquat.levenshtein:pg | AI (typosquat): Scoped @times-components package; no relation to 'pg'; stable false positive. | ai | |
| typosquat | typosquat.levenshtein:qs | AI (typosquat): Scoped @times-components package; no relation to 'qs'; stable false positive. | ai | |
| typosquat | typosquat.levenshtein:zod | AI (typosquat): Scoped @times-components package; no relation to 'zod'; stable false positive. | ai | |
| typosquat | typosquat.levenshtein:ajv | AI (typosquat): Scoped @times-components package; no relation to 'ajv'; stable false positive. | ai |
Versions (showing 47 of 47)
| Version | Deps | Published |
|---|---|---|
| 2.24.15 | 4 / 21 | |
| 2.24.14 | 4 / 21 | |
| 2.24.13 | 4 / 21 | |
| 2.24.12 | 4 / 21 | |
| 2.24.11 | 4 / 21 | |
| 2.24.10 | 4 / 21 | |
| 2.24.9 | 4 / 21 | |
| 2.24.8 | 4 / 21 | |
| 2.24.7 | 4 / 21 | |
| 2.24.6 | 4 / 21 | |
| 2.24.5 | 4 / 21 | |
| 2.24.4 | 4 / 21 | |
| 2.24.3 | 4 / 21 | |
| 2.24.2 | 4 / 21 | |
| 2.24.1 | 4 / 21 | |
| 2.24.0 | 4 / 21 | |
| 2.23.30 | 4 / 21 | |
| 2.23.29 | 4 / 21 | |
| 2.23.28 | 4 / 21 | |
| 2.23.27 | 4 / 21 | |
| 2.23.26 | 4 / 21 | |
| 2.23.25 | 4 / 21 | |
| 2.23.24 | 4 / 21 | |
| 2.23.23 | 4 / 21 | |
| 2.23.22 | 4 / 21 | |
| 2.23.21 | 4 / 21 | |
| 2.23.20 | 4 / 21 | |
| 2.23.19 | 4 / 21 | |
| 2.23.18 | 4 / 21 | |
| 2.23.17 | 4 / 21 | |
| 2.23.16 | 4 / 21 | |
| 2.23.15 | 4 / 21 | |
| 2.23.14 | 4 / 21 | |
| 2.23.13 | 4 / 21 | |
| 2.23.12 | 4 / 21 | |
| 2.23.11 | 4 / 21 | |
| 2.23.10 | 4 / 21 | |
| 2.23.9 | 4 / 21 | |
| 2.23.8 | 4 / 21 | |
| 2.23.7 | 4 / 21 | |
| 2.23.6 | 4 / 21 | |
| 2.23.5 | 4 / 21 | |
| 2.23.4 | 4 / 21 | |
| 2.23.3 | 4 / 21 | |
| 2.23.2 | 4 / 21 | |
| 2.23.1 | 4 / 21 | |
| 2.23.0 | 4 / 21 |
v2.24.15
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.24.14
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.24.13
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.24.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.24.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.24.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.24.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.24.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.24.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.24.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.24.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.24.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.24.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.24.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.24.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.24.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.23.30
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.23.29
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.23.28
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.23.27
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.23.26
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.23.25
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.23.24
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.23.23
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.23.22
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.23.21
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.23.20
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.23.19
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.23.18
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.23.17
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.23.16
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.23.15
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.23.14
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.23.13
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.23.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.23.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.23.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.23.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.23.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.23.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.23.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.23.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.23.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.23.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.23.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.23.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.23.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.