@times-components/video
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| typosquat | typosquat.levenshtein:vite | AI (typosquat): Scoped @times-components package from newsuk org; no relation to vite, Levenshtein match is spurious. | ai | |
| dependencies | unvetted-dep:@times-components/icons | AI (dependencies): Sibling package in the same newsuk/times-components monorepo; not an external unvetted dep. | ai | |
| dependencies | unvetted-dep:@times-components/image | AI (dependencies): Sibling package in the same newsuk/times-components monorepo. | ai | |
| dependencies | unvetted-dep:@times-components/utils | AI (dependencies): Sibling package in the same newsuk/times-components monorepo. | ai | |
| dependencies | unvetted-dep:@times-components/error-view | AI (dependencies): Sibling package in the same newsuk/times-components monorepo. | ai | |
| dependencies | unvetted-dep:@times-components/ts-styleguide | AI (dependencies): Sibling package in the same newsuk/times-components monorepo. | ai |
Versions (showing 48 of 48)
| Version | Deps | Published |
|---|---|---|
| 4.19.66 | 7 / 17 | |
| 4.19.65 | 7 / 17 | |
| 4.19.64 | 7 / 17 | |
| 4.19.63 | 7 / 17 | |
| 4.19.62 | 7 / 17 | |
| 4.19.61 | 7 / 17 | |
| 4.19.60 | 7 / 17 | |
| 4.19.59 | 7 / 17 | |
| 4.19.58 | 7 / 17 | |
| 4.19.57 | 7 / 17 | |
| 4.19.56 | 7 / 17 | |
| 4.19.55 | 7 / 17 | |
| 4.19.54 | 7 / 17 | |
| 4.19.53 | 7 / 17 | |
| 4.19.52 | 7 / 17 | |
| 4.19.51 | 7 / 17 | |
| 4.19.50 | 7 / 17 | |
| 4.19.49 | 7 / 17 | |
| 4.19.48 | 7 / 17 | |
| 4.19.47 | 7 / 17 | |
| 4.19.46 | 7 / 17 | |
| 4.19.45 | 7 / 17 | |
| 4.19.44 | 7 / 17 | |
| 4.19.43 | 7 / 17 | |
| 4.19.42 | 7 / 17 | |
| 4.19.41 | 7 / 17 | |
| 4.19.40 | 7 / 17 | |
| 4.19.39 | 7 / 17 | |
| 4.19.38 | 7 / 17 | |
| 4.19.37 | 7 / 17 | |
| 4.19.36 | 7 / 17 | |
| 4.19.35 | 7 / 17 | |
| 4.19.34 | 7 / 17 | |
| 4.19.33 | 7 / 17 | |
| 4.19.32 | 7 / 17 | |
| 4.19.31 | 7 / 17 | |
| 4.19.30 | 7 / 17 | |
| 4.19.29 | 7 / 17 | |
| 4.19.28 | 7 / 17 | |
| 4.19.27 | 7 / 17 | |
| 4.19.26 | 7 / 17 | |
| 4.19.25 | 7 / 17 | |
| 4.19.24 | 7 / 17 | |
| 4.19.23 | 7 / 17 | |
| 4.19.22 | 7 / 17 | |
| 4.19.21 | 7 / 17 | |
| 4.19.20 | 7 / 17 | |
| 4.19.19 | 7 / 17 |
v4.19.65
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.64
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.63
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.62
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.61
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.60
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.59
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.58
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.57
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.56
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.55
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.54
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.53
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.52
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.51
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.50
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.49
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.48
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.47
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.46
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.45
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.44
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.43
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.42
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.41
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.40
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.39
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.38
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.19.37
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.19.36
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.19.35
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.19.34
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.33
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.32
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.31
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.30
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.29
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.28
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.27
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.26
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.25
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.24
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.23
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.19.22
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.19.21
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.19.20
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.19.19
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.