@webitel/ui-chats — Greenflagged

Reusable Webitel Frontend Code for Chats UI

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

dlohvinovnavrotskyjbiedulina_valeriiagoodxtime

Keywords

webitelwebitel-ui

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Transition to GitHub Actions publisher is confirmed by SLSA provenance attestation; expected for CI/CD automation.	ai	2026/05/22
provenance	no-provenance	AI (provenance): Webitel org packages consistently lack provenance; stable false positive for this publisher.	ai	2026/05/21
phantom-deps	phantom-dep:autolinker	AI (phantom-deps): Library package; deps referenced in config/build but not directly imported in source is expected pattern.	ai	2026/04/29
phantom-deps	phantom-dep:insert-text-at-cursor	AI (phantom-deps): Same config-only reference pattern; stable false positive for this package.	ai	2026/04/29

Versions (showing 63 of 63)

Version	Deps	Published
0.1.37	2 / 10	2026-05-21
0.1.36	2 / 10	2026-05-20
0.1.35	2 / 9	2026-05-18
0.1.34	2 / 9	2026-05-13
0.1.33	2 / 9	2026-05-08
0.1.32	2 / 9	2026-05-04
0.1.31	2 / 9	2026-04-27
0.1.30	2 / 9	2026-04-24
0.1.29	2 / 9	2026-04-24
0.1.28	2 / 9	2026-04-23
0.1.27	2 / 9	2026-04-23
0.1.26	2 / 9	2026-04-17
0.1.25	2 / 9	2026-04-16
0.1.24	2 / 9	2026-04-15
0.1.23	2 / 9	2026-04-10
0.1.22	2 / 9	2026-04-10
0.1.21	2 / 9	2026-04-06
0.1.20	2 / 9	2026-04-06
0.1.19	2 / 9	2026-03-23
0.1.18	2 / 9	2026-03-16
0.1.17	2 / 9	2026-03-13
0.1.16	2 / 9	2026-03-12
0.1.15	2 / 9	2026-03-09
0.1.14	2 / 9	2026-03-06
0.1.13	2 / 9	2026-03-06
0.1.12	2 / 9	2026-03-05
0.1.11	2 / 9	2026-02-20
0.1.10	2 / 9	2026-02-04
0.1.9	2 / 9	2026-02-04
0.1.8	2 / 11	2026-02-04
0.1.7	2 / 11	2026-02-04
0.1.6	2 / 11	2026-01-30
0.1.5	2 / 11	2026-01-28
0.1.4	2 / 11	2026-01-27
0.1.3	2 / 11	2026-01-26
0.1.2	2 / 11	2026-01-26
0.1.1	2 / 11	2026-01-22
0.1.0	2 / 11	2026-01-22
0.0.26	4 / 9	2026-02-03
0.0.25	4 / 9	2026-01-21
0.0.24	4 / 9	2026-01-21
0.0.23	4 / 9	2026-01-07
0.0.22	4 / 9	2026-01-07
0.0.21	4 / 9	2026-01-06
0.0.20	4 / 9	2026-01-05
0.0.19	4 / 9	2026-01-02
0.0.18	4 / 9	2025-12-31
0.0.17	4 / 9	2025-12-30
0.0.16	4 / 9	2025-12-26
0.0.15	4 / 9	2025-12-17
0.0.14	4 / 9	2025-12-15
0.0.13	4 / 9	2025-12-12
0.0.12	4 / 9	2025-12-12
0.0.11	4 / 9	2025-12-12
0.0.10	4 / 9	2025-12-12
0.0.9	4 / 9	2025-12-12
0.0.8	4 / 9	2025-12-12
0.0.7	4 / 9	2025-12-12
0.0.6	4 / 9	2025-12-11
0.0.5	4 / 9	2025-12-11
0.0.4	4 / 9	2025-12-09
0.0.3	4 / 9	2025-12-04
0.0.2	4 / 9	2025-12-04

v0.1.37

2 findings

HIGH Publisher changed: dlohvinov → GitHub Actions (on 2026-05-21) provenance

This version was published by a different npm account than previous versions on 2026-05-21. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.36

2 findings

HIGH Publisher changed: dlohvinov → GitHub Actions (on 2026-05-20) provenance

This version was published by a different npm account than previous versions on 2026-05-20. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.