
@vendure/admin-ui

Versions: 8
License: GPL-3.0-or-later
Install Scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation
npm registry signatures
gitHead linked

Maintainers

michaelbromley, vendure_team, dlhck, housein_is_programming

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source Rule Reason Accepted by When
bogus-package bogus-package AI (bogus-package): Established library; missing metadata is normal for compiled/bundled packages. ai
provenance no-provenance AI (provenance): Provenance adoption is ~12% ecosystem-wide; not a signal for this established package. ai
npm-metadata no-description AI (npm-metadata): Established package; missing description is metadata artifact, not a security signal. ai
dependencies unvetted-dep:ngx-translate-messageformat-compiler AI (dependencies): Standard i18n compiler for ngx-translate; stable dependency for this package. ai
dependencies unvetted-dep:chartist AI (dependencies): Legitimate charting library; stable dependency for this Angular admin UI package. ai
dependencies unvetted-dep:@biesbjerg/ngx-translate-extract-marker AI (dependencies): Known ngx-translate utility; stable dependency for this package. ai
dependencies unvetted-dep:@cds/core AI (dependencies): Clarity Design System core; expected dependency for Clarity UI components used in this package. ai
dependencies unvetted-dep:ngx-pagination AI (dependencies): Well-known Angular pagination library; stable dependency for this package. ai
phantom-deps phantom-dep:just-extend AI (phantom-deps): Referenced in config files; stable false positive for this package. ai
phantom-deps phantom-dep:apollo-upload-client AI (phantom-deps): Referenced in config; expected GraphQL upload dep for admin UI. ai
phantom-deps phantom-dep:@messageformat/core AI (phantom-deps): Referenced in config for translation; stable false positive. ai
phantom-deps phantom-dep:prosemirror-keymap AI (phantom-deps): ProseMirror plugin referenced in config; stable false positive. ai
phantom-deps phantom-dep:prosemirror-history AI (phantom-deps): ProseMirror plugin referenced in config; stable false positive. ai
phantom-deps phantom-dep:tslib AI (phantom-deps): tslib is a standard Angular/TypeScript runtime implicit dep; stable false positive for this package. ai
phantom-deps phantom-dep:prosemirror-gapcursor AI (phantom-deps): ProseMirror plugin referenced in config; stable false positive. ai
phantom-deps phantom-dep:prosemirror-dropcursor AI (phantom-deps): ProseMirror plugin referenced in config; stable false positive. ai
phantom-deps phantom-dep:prosemirror-schema-list AI (phantom-deps): ProseMirror plugin referenced in config; stable false positive. ai
phantom-deps phantom-dep:prosemirror-schema-basic AI (phantom-deps): ProseMirror plugin referenced in config; stable false positive. ai
phantom-deps phantom-dep:prosemirror-commands AI (phantom-deps): ProseMirror plugin referenced in config; stable false positive. ai
phantom-deps phantom-dep:@clr/ui AI (phantom-deps): Clarity UI component referenced in config; expected for Angular admin UI package. ai
phantom-deps phantom-dep:@clr/core AI (phantom-deps): Clarity core referenced in config; expected for Angular admin UI package. ai
phantom-deps phantom-dep:@angular/animations AI (phantom-deps): Framework-scoped Angular package loaded by convention; stable false positive. ai
phantom-deps phantom-dep:@angular/language-service AI (phantom-deps): Framework-scoped Angular package; stable false positive. ai
phantom-deps phantom-dep:@angular/platform-browser-dynamic AI (phantom-deps): Framework-scoped Angular package loaded by convention; stable false positive. ai
phantom-deps phantom-dep:@ngx-translate/http-loader AI (phantom-deps): Referenced in config files; expected for i18n setup in Angular admin UI. ai
phantom-deps phantom-dep:messageformat AI (phantom-deps): Referenced in config for translation compiler; stable false positive. ai

Versions (showing 8 of 8)

Version Deps Published
3.6.4 48 / 0
3.6.3 48 / 0
3.6.2 48 / 0
3.6.1 48 / 0
3.6.0 48 / 0
3.5.7 48 / 0
3.5.6 48 / 0
2.3.4 48 / 0

v3.6.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.6.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.6.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.6.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.6.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.5.7

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.5.6

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.3.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.