← Home

@tscircuit/core

npm Repository Homepage

The core logic used to build Circuit JSON from tscircuit React elements.

55
Versions
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

seveibar

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
npm-metadata url-dep:@tscircuit/jlcpcb-manufacturing-specs AI (npm-metadata): SHA-pinned dep is in devDependencies pointing to same org; not included in published dist, stable pattern for this package. ai
phantom-deps phantom-dep:@flatten-js/core AI (phantom-deps): Declared dependency used in config; stable pattern for this package. ai
dependencies unvetted-dep:calculate-cell-boundaries AI (dependencies): Fits tscircuit geometry utility pattern; publisher has strong track record and this is a domain-appropriate dep. ai
dependencies unvetted-dep:react-reconciler-18 AI (dependencies): react-reconciler-18 is a version alias for [email protected], a standard React dual-version support pattern for this package. ai
phantom-deps phantom-dep:nanoid AI (phantom-deps): nanoid is declared and used; phantom-dep rule is a false positive for config-referenced dependencies. ai
phantom-deps phantom-dep:performance-now AI (phantom-deps): performance-now is declared and used; phantom-dep rule is a false positive for config-referenced dependencies. ai
typosquat typosquat.levenshtein:cors AI (typosquat): @tscircuit/core is a scoped package in the tscircuit ecosystem (circuit design framework), not a typosquat of 'cors'. The name similarity is purely coincidental; no brand impersonation. ai
dependencies unvetted-dep:transformation-matrix AI (dependencies): Matrix transformation library; appropriate for 2D coordinate transforms in circuit layout. ai
dependencies unvetted-dep:@lume/kiwi AI (dependencies): Legitimate constraint-solving library appropriate for circuit layout; no security concerns. ai
dependencies unvetted-dep:format-si-unit AI (dependencies): Small utility for SI unit formatting; appropriate for electronics tooling. ai
dependencies unvetted-dep:@flatten-js/core AI (dependencies): Geometry library for 2D operations; appropriate for circuit/PCB layout. ai
dependencies unvetted-dep:calculate-packing AI (dependencies): Packing algorithm library; appropriate for component placement in circuit design. ai
dependencies unvetted-dep:svg-path-commander AI (dependencies): SVG path manipulation library; appropriate for circuit-to-SVG rendering. ai

Versions (showing 55 of 791)

Version Deps Published
0.0.520 9 / 37
0.0.515 9 / 37
0.0.513 9 / 37
0.0.510 9 / 37
0.0.509 9 / 37
0.0.502 9 / 37
0.0.501 9 / 37
0.0.500 9 / 37
0.0.498 9 / 37
0.0.488 9 / 37
0.0.481 9 / 37
0.0.480 9 / 37
0.0.479 9 / 37
0.0.478 9 / 37
0.0.475 9 / 37
0.0.474 9 / 37
0.0.470 9 / 37
0.0.467 9 / 37
0.0.466 9 / 37
0.0.464 9 / 37
0.0.463 9 / 37
0.0.462 9 / 37
0.0.460 9 / 37
0.0.459 9 / 37
0.0.458 9 / 37
0.0.457 9 / 37
0.0.456 9 / 37
0.0.452 9 / 37
0.0.451 9 / 37
0.0.446 9 / 37
0.0.445 9 / 37
0.0.444 9 / 37
0.0.441 9 / 37
0.0.440 9 / 37
0.0.437 9 / 36
0.0.435 9 / 36
0.0.434 9 / 36
0.0.433 9 / 36
0.0.426 9 / 36
0.0.424 9 / 36
0.0.417 9 / 36
0.0.415 9 / 34
0.0.409 9 / 34
0.0.408 9 / 34
0.0.406 9 / 34
0.0.404 9 / 34
0.0.401 9 / 34
0.0.398 19 / 24
0.0.394 19 / 24
0.0.393 19 / 24
0.0.389 19 / 24
0.0.388 19 / 24
0.0.385 19 / 24
0.0.383 19 / 24
0.0.382 19 / 24

v0.0.498

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.481

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.456

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.441

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.440

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.437

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.435

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.434

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.433

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.426

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.424

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.417

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.415

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.409

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.408

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.406

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.404

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.401

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.398

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.394

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.393

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.385

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.383

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.