@umbraco-ui/uui

Versions: 10
License
Install Scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation, npm registry signatures, gitHead linked

Maintainers

nielslyngsoe, julczka, ijacob, madsrasmussen, umbraco-publish

Keywords

Umbraco, Custom elements, Web components, UI, Lit, Components library

Accepted risks

Findings the reviewer chose to accept rather than block on.

| Source | Rule | Reason | Accepted by | When |
| --- | --- | --- | --- | --- |
| publish-pattern | dormant-publish | AI (publish-pattern): Monorepo umbrella package; publish cadence gaps are normal and SLSA provenance confirms CI/CD origin. | ai | |
| dependencies | unvetted-dep:@umbraco-ui/uui-input-lock | AI (dependencies): First-party monorepo sub-package; always published in lockstep with this umbrella package. | ai | |
| dependencies | unvetted-dep:@umbraco-ui/uui-card-block-type | AI (dependencies): First-party monorepo sub-package; always published in lockstep with this umbrella package. | ai | |
| dependencies | unvetted-dep:@umbraco-ui/uui-button-copy-text | AI (dependencies): First-party monorepo sub-package; always published in lockstep with this umbrella package. | ai | |
| dependencies | unvetted-dep:@umbraco-ui/uui-ref-node-package | AI (dependencies): First-party monorepo sub-package; always published in lockstep with this umbrella package. | ai | |
| dependencies | unvetted-dep:@umbraco-ui/uui-card-content-node | AI (dependencies): First-party monorepo sub-package; always published in lockstep with this umbrella package. | ai | |
| dependencies | unvetted-dep:@umbraco-ui/uui-card | AI (dependencies): First-party monorepo sub-package; always published in lockstep with this umbrella package. | ai | |
| dependencies | unvetted-dep:@umbraco-ui/uui-tabs | AI (dependencies): First-party monorepo sub-package; always published in lockstep with this umbrella package. | ai | |
| dependencies | unvetted-dep:@umbraco-ui/uui-button | AI (dependencies): First-party monorepo sub-package; always published in lockstep with this umbrella package. | ai | |
| dependencies | unvetted-dep:@umbraco-ui/uui-checkbox | AI (dependencies): First-party monorepo sub-package; always published in lockstep with this umbrella package. | ai | |
| dependencies | unvetted-dep:@umbraco-ui/uui-combobox | AI (dependencies): First-party monorepo sub-package; always published in lockstep with this umbrella package. | ai | |
| dependencies | unvetted-dep:@umbraco-ui/uui-card-user | AI (dependencies): First-party monorepo sub-package; always published in lockstep with this umbrella package. | ai | |
| dependencies | unvetted-dep:@umbraco-ui/uui-card-media | AI (dependencies): First-party monorepo sub-package; always published in lockstep with this umbrella package. | ai | |
| dependencies | unvetted-dep:@umbraco-ui/uui-input-file | AI (dependencies): First-party monorepo sub-package; always published in lockstep with this umbrella package. | ai | |
| dependencies | unvetted-dep:@umbraco-ui/uui-pagination | AI (dependencies): First-party monorepo sub-package; always published in lockstep with this umbrella package. | ai | |
| dependencies | unvetted-dep:@umbraco-ui/uui-breadcrumbs | AI (dependencies): First-party monorepo sub-package; always published in lockstep with this umbrella package. | ai | |
| dependencies | unvetted-dep:@umbraco-ui/uui-color-picker | AI (dependencies): First-party monorepo sub-package; always published in lockstep with this umbrella package. | ai | |
| dependencies | unvetted-dep:@umbraco-ui/uui-color-swatch | AI (dependencies): First-party monorepo sub-package; always published in lockstep with this umbrella package. | ai | |
| dependencies | unvetted-dep:@umbraco-ui/uui-ref-node-user | AI (dependencies): First-party monorepo sub-package; always published in lockstep with this umbrella package. | ai | |
| dependencies | unvetted-dep:@umbraco-ui/uui-color-swatches | AI (dependencies): First-party monorepo sub-package; always published in lockstep with this umbrella package. | ai | |
| dependencies | unvetted-dep:@umbraco-ui/uui-input-password | AI (dependencies): First-party monorepo sub-package; always published in lockstep with this umbrella package. | ai | |
| provenance | no-provenance | AI (provenance): Established Umbraco org package; lack of Sigstore provenance is acceptable for this publisher. | ai | |
| typosquat | typosquat.levenshtein:yup | AI (typosquat): Legitimate Umbraco UI scoped package; not a typosquat of yup. | ai | |
| typosquat | typosquat.levenshtein:uuid | AI (typosquat): Legitimate Umbraco UI scoped package; not a typosquat of uuid. | ai | |
| typosquat | typosquat.levenshtein:joi | AI (typosquat): Legitimate Umbraco UI scoped package; not a typosquat of joi. | ai | |

Versions (showing 10 of 10)

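| Version | Deps | Published |
| --- | --- | --- |
| 1.18.0 | 83 / 0 | |
| 1.17.3 | 83 / 0 | |
| 1.17.2 | 83 / 0 | |
| 1.17.1 | 83 / 0 | |
| 1.17.0 | 83 / 0 | |
| 1.16.0 | 83 / 0 | |
| 1.15.0 | 83 / 0 | |
| 1.14.2 | 83 / 0 | |
| 1.14.1 | 83 / 0 | |
| 1.14.0 | 83 / 0 | |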

v1.18.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.17.3

2 findings
HIGH typosquat.levenshtein: Possible typosquat of 'uuid' typosquat

Package name '@umbraco-ui/uui' is 1 edit(s) away from popular package 'uuid'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.17.2

2 findings
HIGH typosquat.levenshtein: Possible typosquat of 'uuid' typosquat

Package name '@umbraco-ui/uui' is 1 edit(s) away from popular package 'uuid'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.17.1

2 findings
HIGH typosquat.levenshtein: Possible typosquat of 'uuid' typosquat

Package name '@umbraco-ui/uui' is 1 edit(s) away from popular package 'uuid'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.17.0

2 findings
HIGH typosquat.levenshtein: Possible typosquat of 'uuid' typosquat

Package name '@umbraco-ui/uui' is 1 edit(s) away from popular package 'uuid'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.16.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.15.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.14.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.14.1

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.14.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.