@univerjs/sheets-data-validation-ui

Data validation UI for Univer Sheets

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

jikkaiwbfsamengshukeji

Keywords

universheetsdata-validationvalidationui

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	large-new-source-files	AI (source-diff): New locale files added for additional languages; expected growth pattern for this UI package.	ai	2026/06/05
source-diff	obfuscated-file:lib/umd/locale/pl-PL.js	AI (source-diff): UMD-bundled locale file with i18n strings; standard build output for this package.	ai	2026/06/05
source-diff	obfuscated-file:lib/umd/locale/it-IT.js	AI (source-diff): UMD-bundled locale file with i18n strings; standard build output for this package.	ai	2026/06/05
source-diff	obfuscated-file:lib/umd/locale/de-DE.js	AI (source-diff): UMD-bundled locale file with i18n strings; standard build output for this package.	ai	2026/06/05
source-diff	obfuscated-file:lib/es/locale/sk-SK.js	AI (source-diff): ES module locale bundle; same benign i18n strings.	ai	2026/05/27
source-diff	obfuscated-file:lib/locale/sk-SK.js	AI (source-diff): Locale bundle; long lines are concatenated translation strings.	ai	2026/05/27
source-diff	obfuscated-file:lib/umd/locale/sk-SK.js	AI (source-diff): Minified UMD locale string bundle; same pattern as CJS variant, purely translation data.	ai	2026/05/15
source-diff	obfuscated-file:lib/cjs/locale/sk-SK.js	AI (source-diff): Minified locale string bundle; no executable logic, just Slovak UI translation strings.	ai	2026/05/15
source-diff	obfuscated-file:lib/umd/locale/ca-ES.js	AI (source-diff): Minified locale bundle with readable UI strings; standard build output for this package.	ai	2026/05/15
source-diff	obfuscated-file:lib/cjs/locale/es-ES.js	AI (source-diff): Minified locale bundle with readable UI strings; standard build output for this package.	ai	2026/05/15
source-diff	obfuscated-file:lib/cjs/locale/ca-ES.js	AI (source-diff): Minified locale bundle with readable UI strings; standard build output for this package.	ai	2026/05/15
source-diff	obfuscated-file:lib/umd/locale/es-ES.js	AI (source-diff): Minified locale bundle with readable UI strings; standard build output for this package.	ai	2026/05/15
source-diff	obfuscated-file:lib/umd/locale/ko-KR.js	AI (source-diff): Same pattern — UMD-wrapped Korean locale strings; no executable payload.	ai	2026/05/15
source-diff	obfuscated-file:lib/cjs/locale/ko-KR.js	AI (source-diff): Minified locale string bundle (Korean UI text); long lines are dense Unicode JSON, not obfuscated code.	ai	2026/05/15
source-diff	obfuscated-file:lib/cjs/locale/ja-JP.js	AI (source-diff): Minified locale/i18n string bundle; no executable logic. Stable pattern for this package's build output.	ai	2026/05/15
source-diff	obfuscated-file:lib/umd/locale/ja-JP.js	AI (source-diff): UMD-wrapped minified locale string bundle; no executable logic. Stable pattern for this package's build output.	ai	2026/05/15
phantom-deps	phantom-dep:@flatten-js/interval-tree	AI (phantom-deps): Declared runtime dep; may be used indirectly via bundled code. Stable false positive for this package.	ai	2026/05/15
phantom-deps	phantom-dep:@univerjs/sheets-numfmt	AI (phantom-deps): Monorepo internal dep; declared for transitive resolution, stable pattern.	ai	2026/04/28
phantom-deps	phantom-dep:@univerjs/design	AI (phantom-deps): Monorepo internal dep; declared for transitive resolution, stable pattern.	ai	2026/04/28
phantom-deps	phantom-dep:@univerjs/icons	AI (phantom-deps): Monorepo internal dep; declared for transitive resolution, stable pattern.	ai	2026/04/28
phantom-deps	phantom-dep:@univerjs/engine-formula	AI (phantom-deps): Monorepo internal dep; declared for transitive resolution, stable pattern.	ai	2026/04/28
phantom-deps	phantom-dep:@univerjs/sheets-formula-ui	AI (phantom-deps): Monorepo internal dep; declared for transitive resolution, stable pattern.	ai	2026/04/28
dependencies	unvetted-dep:@univerjs/sheets	AI (dependencies): Sibling package from same DreamNum/univer monorepo.	ai	2026/04/28
dependencies	unvetted-dep:@univerjs/engine-formula	AI (dependencies): Sibling package from same DreamNum/univer monorepo.	ai	2026/04/28
dependencies	unvetted-dep:@univerjs/sheets-numfmt	AI (dependencies): Sibling package from same DreamNum/univer monorepo.	ai	2026/04/28
dependencies	unvetted-dep:@univerjs/engine-render	AI (dependencies): Sibling package from same DreamNum/univer monorepo.	ai	2026/04/28
dependencies	unvetted-dep:@univerjs/sheets-ui	AI (dependencies): Sibling package from same DreamNum/univer monorepo.	ai	2026/04/28
dependencies	unvetted-dep:@univerjs/design	AI (dependencies): Sibling package from same DreamNum/univer monorepo.	ai	2026/04/28
dependencies	unvetted-dep:@univerjs/icons	AI (dependencies): Sibling package from same DreamNum/univer monorepo.	ai	2026/04/28
dependencies	unvetted-dep:@univerjs/data-validation	AI (dependencies): Sibling package from same DreamNum/univer monorepo.	ai	2026/04/28
dependencies	unvetted-dep:@univerjs/core	AI (dependencies): Sibling package from same DreamNum/univer monorepo.	ai	2026/04/28
dependencies	unvetted-dep:@univerjs/ui	AI (dependencies): Sibling package from same DreamNum/univer monorepo; unvetted status is a pipeline gap, not a threat.	ai	2026/04/28
dependencies	unvetted-dep:@univerjs/sheets-data-validation	AI (dependencies): Sibling package from same DreamNum/univer monorepo.	ai	2026/04/28
dependencies	unvetted-dep:@univerjs/sheets-formula-ui	AI (dependencies): Sibling package from same DreamNum/univer monorepo.	ai	2026/04/28

Versions (showing 51 of 53)

View all versions

Version	Deps	Published
0.25.0	12 / 7	2026-05-30
0.24.0	12 / 7	2026-05-23
0.23.0	12 / 7	2026-05-18
0.22.1	12 / 7	2026-05-13
0.22.0	12 / 7	2026-05-09
0.21.1	12 / 7	2026-04-25
0.21.0	12 / 7	2026-04-18
0.20.1	12 / 7	2026-04-11
0.20.0	12 / 7	2026-04-03
0.19.0	12 / 7	2026-03-28
0.18.0	12 / 7	2026-03-18
0.17.0	12 / 8	2026-03-11
0.16.1	12 / 8	2026-03-03
0.16.0	12 / 8	2026-02-28
0.15.5	12 / 8	2026-02-11
0.15.4	12 / 8	2026-01-31
0.15.3	12 / 8	2026-01-24
0.15.2	12 / 8	2026-01-17
0.15.1	12 / 8	2026-01-10
0.15.0	12 / 8	2025-12-27
0.14.0	12 / 8	2025-12-20
0.13.0	12 / 8	2025-12-13
0.12.4	13 / 8	2025-12-06
0.12.3	13 / 8	2025-11-29
0.12.2	13 / 8	2025-11-22
0.12.1	13 / 8	2025-11-22
0.12.0	13 / 8	2025-11-15
0.11.0	13 / 8	2025-11-08
0.10.14	13 / 8	2025-10-29
0.10.13	13 / 8	2025-10-25
0.10.12	13 / 8	2025-10-22
0.10.11	13 / 8	2025-10-18
0.10.10	13 / 8	2025-09-26
0.10.9	13 / 8	2025-09-20
0.10.8	13 / 8	2025-09-13
0.10.7	13 / 8	2025-09-06
0.10.6	13 / 8	2025-08-29
0.10.5	13 / 8	2025-08-22
0.10.4	13 / 8	2025-08-15
0.10.3	13 / 8	2025-08-08
0.10.2	13 / 8	2025-08-02
0.10.1	13 / 8	2025-07-31
0.10.0	13 / 8	2025-07-29
0.9.4	13 / 8	2025-07-25
0.9.3	13 / 8	2025-07-19
0.9.2	13 / 8	2025-07-11
0.9.1	13 / 8	2025-07-04
0.9.0	13 / 8	2025-07-04
0.8.3	13 / 8	2025-06-27
0.8.2	13 / 8	2025-06-20
0.8.1	13 / 8	2025-06-12

v0.25.0

4 findings

HIGH New obfuscated file: lib/umd/locale/de-DE.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/umd/locale/it-IT.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/umd/locale/pl-PL.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.24.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.23.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.22.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.22.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.21.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.21.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.20.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.20.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.19.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.18.0

5 findings

HIGH New obfuscated file: lib/cjs/locale/sk-SK.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/es/locale/sk-SK.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/locale/sk-SK.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/umd/locale/sk-SK.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.17.0

3 findings

HIGH New obfuscated file: lib/cjs/locale/sk-SK.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/umd/locale/sk-SK.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.16.1

3 findings

HIGH New obfuscated file: lib/cjs/locale/sk-SK.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/umd/locale/sk-SK.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.16.0

3 findings

HIGH New obfuscated file: lib/cjs/locale/sk-SK.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/umd/locale/sk-SK.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.15.5

3 findings

HIGH New obfuscated file: lib/cjs/locale/sk-SK.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/umd/locale/sk-SK.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.15.4

3 findings

HIGH New obfuscated file: lib/cjs/locale/sk-SK.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/umd/locale/sk-SK.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.15.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.15.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.15.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.15.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.14.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.13.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.12.4

3 findings

HIGH New obfuscated file: lib/cjs/locale/ja-JP.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/umd/locale/ja-JP.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.12.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.12.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.12.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.12.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.11.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.10.14

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.10.13

7 findings

HIGH New obfuscated file: lib/cjs/locale/ca-ES.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/umd/locale/ca-ES.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/cjs/locale/es-ES.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/umd/locale/es-ES.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/cjs/locale/ko-KR.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: lib/umd/locale/ko-KR.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.10.12