@times-components/ssr
The renderer used to render top level components server side and to create client bundles. Add any "pages" (top level components) here for rendering, by adding a route and the webpack config necessary to create a client bundle.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | no-provenance | AI (provenance): Established Times Components monorepo; provenance not enabled across the org — stable false positive. | ai | |
| typosquat | typosquat.levenshtein:qs | AI (typosquat): Scoped package @times-components/ssr; Levenshtein match to 'qs' is a false positive for this well-established monorepo package. | ai | |
| phantom-deps | phantom-dep:cypress-wait-until | AI (phantom-deps): cypress-wait-until is a test/integration dependency used in config files, not imported in source; stable false positive for this package. | ai |
Versions (showing 17 of 17)
| Version | Deps | Published |
|---|---|---|
| 2.65.43 | 23 / 15 | |
| 2.65.42 | 23 / 15 | |
| 2.65.40 | 23 / 15 | |
| 2.65.39 | 23 / 15 | |
| 2.65.38 | 23 / 15 | |
| 2.65.37 | 23 / 15 | |
| 2.65.36 | 23 / 15 | |
| 2.65.35 | 23 / 15 | |
| 2.65.34 | 23 / 15 | |
| 2.65.33 | 23 / 15 | |
| 2.65.32 | 23 / 15 | |
| 2.65.31 | 23 / 15 | |
| 2.65.30 | 23 / 15 | |
| 2.65.29 | 23 / 15 | |
| 2.65.28 | 23 / 15 | |
| 2.65.27 | 23 / 15 | |
| 2.65.26 | 23 / 15 |
v2.65.43
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.65.42
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.65.40
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.65.39
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.65.38
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.65.37
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.65.36
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.65.35
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.65.34
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.65.33
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.65.32
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.65.31
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.65.30
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.65.29
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.65.28
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.65.27
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.65.26
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.