@times-components/article-main-comment
Main Comment Article Template
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@times-components/ad | AI (phantom-deps): Same-org monorepo dep; used transitively, not a phantom in the malicious sense. | ai | |
| phantom-deps | phantom-dep:@times-components/responsive | AI (phantom-deps): Same-org monorepo dep; used transitively, not a phantom in the malicious sense. | ai | |
| phantom-deps | phantom-dep:@times-components/user-state | AI (phantom-deps): Same-org monorepo dep; used transitively, not a phantom in the malicious sense. | ai | |
Versions (showing 51 of 107)
| Version | Deps | Published |
|---|---|---|
| 2.102.80 | 15 / 19 | |
| 2.102.79 | 15 / 19 | |
| 2.102.78 | 15 / 19 | |
| 2.102.77 | 15 / 19 | |
| 2.102.76 | 15 / 19 | |
| 2.102.74 | 15 / 19 | |
| 2.102.73 | 15 / 19 | |
| 2.102.72 | 15 / 19 | |
| 2.102.71 | 15 / 19 | |
| 2.102.70 | 15 / 19 | |
| 2.102.59 | 15 / 19 | |
| 2.102.58 | 15 / 19 | |
| 2.102.57 | 15 / 19 | |
| 2.102.56 | 15 / 19 | |
| 2.102.55 | 15 / 19 | |
| 2.102.54 | 15 / 19 | |
| 2.102.51 | 15 / 19 | |
| 2.102.50 | 15 / 19 | |
| 2.102.49 | 15 / 19 | |
| 2.102.48 | 15 / 19 | |
| 2.102.47 | 15 / 19 | |
| 2.102.46 | 15 / 19 | |
| 2.102.45 | 15 / 19 | |
| 2.102.44 | 15 / 19 | |
| 2.102.43 | 15 / 19 | |
| 2.102.42 | 15 / 19 | |
| 2.102.41 | 15 / 19 | |
| 2.102.40 | 15 / 19 | |
| 2.102.39 | 15 / 19 | |
| 2.102.38 | 15 / 19 | |
| 2.102.37 | 15 / 19 | |
| 2.102.36 | 15 / 19 | |
| 2.102.35 | 15 / 19 | |
| 2.102.34 | 15 / 19 | |
| 2.102.33 | 15 / 19 | |
| 2.102.32 | 15 / 19 | |
| 2.102.31 | 15 / 19 | |
| 2.102.30 | 15 / 19 | |
| 2.102.29 | 15 / 19 | |
| 2.102.28 | 15 / 19 | |
| 2.102.27 | 15 / 19 | |
| 2.102.26 | 15 / 19 | |
| 2.102.25 | 15 / 19 | |
| 2.102.24 | 15 / 19 | |
| 2.102.23 | 15 / 19 | |
| 2.102.22 | 15 / 19 | |
| 2.102.21 | 15 / 19 | |
| 2.102.20 | 15 / 19 | |
| 2.102.19 | 15 / 19 | |
| 2.102.18 | 15 / 19 | |
| 2.102.17 | 15 / 19 | |
v2.102.80
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.79
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.78
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.77
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.76
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.74
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.73
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.102.72
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.102.71
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.102.70
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.102.59
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.58
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.57
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.56
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.55
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.54
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.51
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.50
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.49
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.48
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.47
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.46
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.45
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.44
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.43
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.42
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.41
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.40
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.39
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.38
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.37
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.36
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.35
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.34
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.33
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.32
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.31
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.30
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.29
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.28
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.27
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.26
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.25
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.24
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.23
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.22
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.21
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.20
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.19
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.18
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.102.17
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.