@vibes.diy/use-vibes-base
Core components and utilities for use-vibes (internal workspace package)
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | new-deps-added | AI (publish-pattern): zod is a well-established, widely-used validation library; not a suspicious addition. | ai | |
| dependencies | unvetted-dep:@fireproof/core-types-protocols-cloud | AI (dependencies): Core Fireproof types; integral to this package's purpose. | ai | |
| dependencies | unvetted-dep:@fireproof/core-types-base | AI (dependencies): Core Fireproof types; integral to this package's purpose. | ai | |
| dependencies | unvetted-dep:@fireproof/core-runtime | AI (dependencies): Core Fireproof runtime; integral to this package's purpose. | ai | |
| dependencies | unvetted-dep:@adviser/cement | AI (dependencies): Part of the Fireproof ecosystem used consistently across vibes.diy packages; stable dependency. | ai | |
| phantom-deps | phantom-dep:@vibes.diy/vibe-runtime | AI (phantom-deps): Same-org workspace sibling; re-exported or used transitively. | ai | |
| phantom-deps | phantom-dep:@vibes.diy/base | AI (phantom-deps): Same org scope; likely re-exported or used indirectly via workspace. Stable false positive. | ai | |
| phantom-deps | phantom-dep:react-dom | AI (phantom-deps): react-dom is a peer-adjacent dep declared for type/config purposes; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:uuid | AI (phantom-deps): uuid is declared as a runtime dep in package.json; phantom-dep heuristic false positive for this package. | ai | |
| phantom-deps | phantom-dep:zod | AI (phantom-deps): Declared as direct dep; phantom-dep heuristic false positive for this workspace package. | ai | |
| phantom-deps | phantom-dep:@fireproof/core-types-base | AI (phantom-deps): Declared as direct dep; phantom-dep heuristic false positive for this workspace package. | ai | |
| phantom-deps | phantom-dep:@fireproof/core-keybag | AI (phantom-deps): Declared as direct dep; phantom-dep heuristic false positive for this workspace package. | ai | |
| phantom-deps | phantom-dep:@fireproof/core | AI (phantom-deps): Declared as direct dep; phantom-dep heuristic false positive for this workspace package. | ai | |
| phantom-deps | phantom-dep:jose | AI (phantom-deps): Declared as direct dep; phantom-dep heuristic false positive for this workspace package. | ai |
Versions (showing 63 of 63)
| Version | Deps | Published |
|---|---|---|
| 2.5.0 | 21 / 0 | |
| 2.4.16 | 21 / 0 | |
| 2.4.15 | 21 / 0 | |
| 2.4.14 | 21 / 0 | |
| 2.4.13 | 21 / 0 | |
| 2.4.12 | 21 / 0 | |
| 2.4.11 | 21 / 0 | |
| 2.4.10 | 21 / 0 | |
| 2.4.9 | 21 / 0 | |
| 2.4.8 | 21 / 0 | |
| 2.4.7 | 21 / 0 | |
| 2.4.6 | 21 / 0 | |
| 2.4.5 | 21 / 0 | |
| 2.4.4 | 21 / 0 | |
| 2.4.3 | 21 / 0 | |
| 2.4.2 | 21 / 0 | |
| 2.4.1 | 21 / 0 | |
| 2.4.0 | 21 / 0 | |
| 2.3.5 | 21 / 0 | |
| 2.3.4 | 21 / 0 | |
| 2.3.3 | 21 / 0 | |
| 2.3.2 | 21 / 0 | |
| 2.3.1 | 21 / 0 | |
| 2.3.0 | 21 / 0 | |
| 2.2.19 | 21 / 0 | |
| 2.2.18 | 21 / 0 | |
| 2.2.17 | 21 / 0 | |
| 2.2.16 | 21 / 0 | |
| 2.2.15 | 21 / 0 | |
| 2.2.14 | 21 / 0 | |
| 2.2.13 | 21 / 0 | |
| 2.2.12 | 18 / 0 | |
| 2.2.11 | 18 / 0 | |
| 2.2.10 | 18 / 0 | |
| 2.2.9 | 18 / 0 | |
| 2.2.8 | 18 / 0 | |
| 2.2.7 | 18 / 0 | |
| 2.2.6 | 18 / 0 | |
| 2.2.5 | 18 / 0 | |
| 2.2.4 | 18 / 0 | |
| 2.2.3 | 18 / 0 | |
| 2.2.2 | 18 / 0 | |
| 2.2.1 | 18 / 0 | |
| 2.2.0 | 18 / 0 | |
| 2.0.10 | 18 / 0 | |
| 2.0.9 | 18 / 0 | |
| 2.0.8 | 18 / 0 | |
| 2.0.7 | 18 / 0 | |
| 2.0.6 | 18 / 0 | |
| 2.0.3 | 16 / 0 | |
| 2.0.1 | 16 / 0 | |
| 2.0.0 | 16 / 0 | |
| 0.18.9 | 12 / 12 | |
| 0.18.7 | 12 / 12 | |
| 0.18.1 | 12 / 12 | |
| 0.18.0 | 12 / 12 | |
| 0.17.5 | 12 / 12 | |
| 0.16.2 | 10 / 12 | |
| 0.16.1 | 10 / 12 | |
| 0.16.0 | 10 / 12 | |
| 0.15.19 | 10 / 12 | |
| 0.15.18 | 10 / 12 | |
| 0.15.17 | 10 / 12 |
v2.5.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.4.16
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.4.15
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.4.14
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.4.13
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.4.12
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.4.11
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.4.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.4.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.4.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.4.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.4.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.4.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.4.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.4.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.4.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.4.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.4.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.3.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.3.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.3.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.3.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.3.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.3.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.2.19
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.2.18
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.2.17
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.2.16
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.2.15
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.2.14
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.2.13
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.2.12
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.2.11
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.2.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.2.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.2.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.2.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.2.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.2.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.2.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.2.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.2.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.2.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.2.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.0.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.0.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.0.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.0.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.0.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.0.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.0.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.18.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.18.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.18.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.18.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.16.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.19
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.15.18
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.17
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.