@volcengine/imagex-hybrid-react
hybrid image viewer
1
Versions
BSD-3-Clause
License
No
Install Scripts
Missing
Provenance
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
No source commit
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
bytedance_liutaofeash.yuzhenran.szvcloud_fezhuhongshuyuwangyx.byteshushushuzhouleishanggwliangshuang.fionazhengwenyuewallaceyuancmaxdliuzhao.90liucheng.bigorangezhouykoanakiajachenyongjinlixiangfeiorgawesome-starlingzhang6464volcanoenginebytednpm
Keywords
componentsimagexhybrid
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:new-function-constructor | AI (semgrep): Fires on TypeScript-emitted extendStatics helper in bundled output; not dynamic user-controlled code execution. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Part of @volcengine org with 16 published versions; missing repo/README is a metadata gap, not a spam indicator. | ai |
Versions (showing 1 of 1)
| Version | Deps | Published |
|---|---|---|
| 0.1.2 | 0 / 13 |