@ttt-productions/ui-core
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | source-size-tripled | AI (source-diff): Size increase matches addition of 20 new Radix UI component wrappers; no injected payload indicators. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): All new deps are established @radix-ui primitives and lucide-react; consistent with UI component library expansion. | ai | |
| source-diff | large-new-source-files | AI (source-diff): Actively growing UI component library; new source files reflect component additions, not injected code. | ai | |
| phantom-deps | phantom-dep:@radix-ui/react-slot | AI (phantom-deps): Radix UI component library; react-slot is a core Radix primitive used in components. | ai | |
| phantom-deps | phantom-dep:class-variance-authority | AI (phantom-deps): UI component library; CVA is standard for variant-based component styling. | ai | |
| phantom-deps | phantom-dep:clsx | AI (phantom-deps): UI component library; clsx is a standard utility re-exported or used in component styling. | ai | |
| phantom-deps | phantom-dep:tailwind-merge | AI (phantom-deps): UI component library; tailwind-merge is standard for Tailwind-based component libraries. | ai | |
| dependencies | unvetted-dep:@radix-ui/react-avatar | AI (dependencies): @radix-ui/react-avatar is a well-known, widely-used Radix UI primitive; stable false positive for this package. | ai |
Versions (showing 23 of 23)
| Version | Deps | Published |
|---|---|---|
| 0.6.4 | 24 / 8 | |
| 0.6.3 | 24 / 8 | |
| 0.6.2 | 24 / 8 | |
| 0.6.1 | 24 / 8 | |
| 0.6.0 | 24 / 6 | |
| 0.5.0 | 24 / 6 | |
| 0.4.3 | 24 / 6 | |
| 0.2.31 | 24 / 5 | |
| 0.2.29 | 24 / 5 | |
| 0.2.28 | 24 / 5 | |
| 0.2.27 | 24 / 5 | |
| 0.2.26 | 24 / 5 | |
| 0.2.25 | 24 / 5 | |
| 0.2.24 | 24 / 5 | |
| 0.2.20 | 24 / 5 | |
| 0.2.5 | 25 / 5 | |
| 0.1.9 | 4 / 5 | |
| 0.1.5 | 4 / 5 | |
| 0.1.4 | 4 / 5 | |
| 0.1.3 | 4 / 5 | |
| 0.1.2 | 4 / 5 | |
| 0.1.1 | 4 / 5 | |
| 0.1.0 | 4 / 5 |
v0.6.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.31
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.29
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.28
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.27
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.26
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.25
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.24
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.20
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.