@uxf/form
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | no-provenance | AI (provenance): Established @uxf org package; lack of provenance is consistent across all versions and not a risk indicator here. | ai | |
| typosquat | typosquat.levenshtein:cors | AI (typosquat): Scoped org package @uxf/form; Levenshtein match to 'cors' is a false positive with no impersonation intent. | ai | |
| bogus-package | bogus-package | AI (bogus-package): 400 versions over 1332 days; org-internal package with sparse public metadata is expected. | ai |
Versions (showing 51 of 77)
| Version | Deps | Published |
|---|---|---|
| 11.119.0 | 1 / 10 | |
| 11.118.2 | 1 / 10 | |
| 11.118.0 | 1 / 10 | |
| 11.117.2 | 1 / 10 | |
| 11.115.0 | 1 / 10 | |
| 11.114.0 | 1 / 10 | |
| 11.113.0 | 1 / 10 | |
| 11.112.1 | 1 / 10 | |
| 11.112.0 | 1 / 10 | |
| 11.111.2 | 1 / 10 | |
| 11.111.0 | 1 / 10 | |
| 11.110.1 | 1 / 10 | |
| 11.110.0 | 1 / 10 | |
| 11.108.0 | 1 / 10 | |
| 11.107.0 | 3 / 8 | |
| 11.106.0 | 6 / 4 | |
| 11.105.0 | 6 / 4 | |
| 11.104.0 | 6 / 4 | |
| 11.102.0 | 6 / 4 | |
| 11.101.0 | 6 / 4 | |
| 11.100.1 | 6 / 4 | |
| 11.100.0 | 6 / 4 | |
| 11.99.1 | 6 / 4 | |
| 11.99.0 | 6 / 4 | |
| 11.97.0 | 6 / 4 | |
| 11.96.1 | 6 / 4 | |
| 11.96.0 | 6 / 4 | |
| 11.95.1 | 6 / 4 | |
| 11.95.0 | 6 / 4 | |
| 11.94.0 | 6 / 4 | |
| 11.93.3 | 6 / 4 | |
| 11.93.1 | 6 / 4 | |
| 11.93.0 | 6 / 4 | |
| 11.92.3 | 6 / 4 | |
| 11.92.2 | 6 / 4 | |
| 11.92.1 | 6 / 4 | |
| 11.92.0 | 6 / 4 | |
| 11.91.0 | 6 / 4 | |
| 11.90.1 | 6 / 4 | |
| 11.90.0 | 6 / 4 | |
| 11.89.0 | 6 / 4 | |
| 11.88.3 | 6 / 4 | |
| 11.88.2 | 6 / 4 | |
| 11.88.1 | 6 / 4 | |
| 11.88.0 | 6 / 4 | |
| 11.87.0 | 6 / 4 | |
| 11.86.0 | 6 / 4 | |
| 11.85.1 | 6 / 4 | |
| 11.85.0 | 6 / 4 | |
| 11.80.6 | 6 / 4 | |
| 11.80.4 | 6 / 4 |
v11.119.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.118.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.118.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.117.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.115.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.114.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v11.113.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.112.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.112.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.111.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.111.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.110.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.108.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.107.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.106.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.105.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.104.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.102.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.101.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.100.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.100.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.99.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.99.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.97.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.96.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.96.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.95.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.95.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.94.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.93.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.93.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.93.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.92.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.92.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.92.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.92.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.91.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.90.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.90.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.89.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.88.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.88.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.88.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.88.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.87.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.86.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.85.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.85.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.80.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.80.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.