@vxrn/vite-flow
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:metro-react-native-babel-preset | AI (phantom-deps): React Native platform-specific preset; loaded by convention. | ai | |
| phantom-deps | phantom-dep:@react-native/babel-plugin-codegen | AI (phantom-deps): React Native platform-specific plugin; loaded by convention. | ai | |
| phantom-deps | phantom-dep:@babel/plugin-transform-private-methods | AI (phantom-deps): Babel plugin loaded by convention in this toolchain. | ai | |
| phantom-deps | phantom-dep:flow-remove-types | AI (phantom-deps): Babel toolchain dependency; loaded via config convention in this build tool. | ai | |
| phantom-deps | phantom-dep:babel-plugin-syntax-hermes-parser | AI (phantom-deps): Babel plugin loaded via config convention. | ai | |
| phantom-deps | phantom-dep:@react-native/babel-preset | AI (phantom-deps): Platform-specific preset loaded by convention; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@babel/helper-plugin-utils | AI (phantom-deps): Babel plugin utility; loaded by convention in babel plugin packages, stable false positive for this package. | ai |
Versions (showing 84 of 294)
| Version | Deps | Published |
|---|---|---|
| 1.2.18 | 5 / 2 | |
| 1.2.17 | 5 / 2 | |
| 1.2.16 | 5 / 2 | |
| 1.2.15 | 5 / 2 | |
| 1.2.14 | 5 / 2 | |
| 1.2.13 | 5 / 2 | |
| 1.2.12 | 5 / 2 | |
| 1.2.11 | 5 / 2 | |
| 1.2.10 | 5 / 2 | |
| 1.2.9 | 5 / 2 | |
| 1.2.8 | 5 / 2 | |
| 1.2.7 | 5 / 2 | |
| 1.2.6 | 5 / 2 | |
| 1.2.5 | 5 / 2 | |
| 1.2.4 | 5 / 2 | |
| 1.2.3 | 5 / 2 | |
| 1.2.2 | 5 / 2 | |
| 1.2.1 | 5 / 2 | |
| 1.2.0 | 5 / 2 | |
| 1.1.547 | 9 / 2 | |
| 1.1.546 | 9 / 2 | |
| 1.1.545 | 9 / 2 | |
| 1.1.544 | 9 / 2 | |
| 1.1.543 | 9 / 2 | |
| 1.1.542 | 9 / 2 | |
| 1.1.541 | 9 / 2 | |
| 1.1.540 | 9 / 2 | |
| 1.1.539 | 9 / 2 | |
| 1.1.538 | 9 / 2 | |
| 1.1.537 | 9 / 2 | |
| 1.1.536 | 9 / 2 | |
| 1.1.535 | 9 / 2 | |
| 1.1.534 | 9 / 2 | |
| 1.1.533 | 9 / 2 | |
| 1.1.532 | 9 / 2 | |
| 1.1.531 | 9 / 2 | |
| 1.1.530 | 9 / 2 | |
| 1.1.529 | 9 / 2 | |
| 1.1.528 | 9 / 2 | |
| 1.1.527 | 9 / 2 | |
| 1.1.526 | 9 / 2 | |
| 1.1.525 | 9 / 2 | |
| 1.1.524 | 9 / 2 | |
| 1.1.523 | 9 / 2 | |
| 1.1.522 | 9 / 2 | |
| 1.1.521 | 9 / 2 | |
| 1.1.520 | 9 / 2 | |
| 1.1.519 | 9 / 2 | |
| 1.1.518 | 9 / 2 | |
| 1.1.517 | 9 / 2 | |
| 1.1.516 | 9 / 2 | |
| 1.1.515 | 9 / 2 | |
| 1.1.514 | 9 / 2 | |
| 1.1.513 | 9 / 2 | |
| 1.1.512 | 9 / 2 | |
| 1.1.511 | 9 / 2 | |
| 1.1.510 | 9 / 2 | |
| 1.1.509 | 9 / 2 | |
| 1.1.508 | 9 / 2 | |
| 1.1.507 | 9 / 2 | |
| 1.1.506 | 9 / 2 | |
| 1.1.505 | 9 / 2 | |
| 1.1.504 | 9 / 2 | |
| 1.1.502 | 9 / 2 | |
| 1.1.501 | 9 / 2 | |
| 1.1.500 | 9 / 2 | |
| 1.1.499 | 9 / 2 | |
| 1.1.498 | 9 / 2 | |
| 1.1.497 | 9 / 2 | |
| 1.1.496 | 9 / 2 | |
| 1.1.495 | 9 / 2 | |
| 1.1.494 | 9 / 2 | |
| 1.1.493 | 9 / 2 | |
| 1.1.492 | 9 / 2 | |
| 1.1.491 | 9 / 2 | |
| 1.1.490 | 9 / 2 | |
| 1.1.489 | 9 / 2 | |
| 1.1.488 | 8 / 2 | |
| 1.1.487 | 8 / 2 | |
| 1.1.486 | 8 / 2 | |
| 1.1.485 | 8 / 2 | |
| 1.1.484 | 8 / 2 | |
| 1.1.483 | 8 / 2 | |
| 1.1.481 | 8 / 2 |
v1.2.18
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.17
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.16
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.15
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.14
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.13
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.547
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.546
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.545
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.544
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.543
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.542
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.541
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.540
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.539
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.538
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.537
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.536
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.535
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.534
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.533
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.532
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.531
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.530
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.529
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.528
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.527
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.526
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.525
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.524
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.523
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.522
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.521
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.520
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.519
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.518
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.517
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.516
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.515
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.514
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.513
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.512
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.511
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.510
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.509
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.508
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.507
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.506
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.505
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.504
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.502
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.501
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.500
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.499
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.498
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.497
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.496
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.495
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.494
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.493
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.492
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.491
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.490
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.489
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.488
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.487
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.486
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.485
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.484
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.483
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.481
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.