@webstudio-is/react-sdk
Webstudio JavaScript / TypeScript API
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:nanoid | AI (phantom-deps): Monorepo build artifact; declared dep used transitively in build, not a direct import. | ai | |
| phantom-deps | phantom-dep:html-tags | AI (phantom-deps): Same pattern — declared dep used in build/config context, stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:change-case | AI (phantom-deps): Same pattern — declared dep used in build/config context, stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@webstudio-is/fonts | AI (phantom-deps): Same-org sibling package; phantom-dep heuristic is a false positive for monorepo setups. | ai | |
| phantom-deps | phantom-dep:@webstudio-is/icons | AI (phantom-deps): Same-org sibling package; phantom-dep heuristic is a false positive for monorepo setups. | ai |
Versions (showing 38 of 38)
| Version | Deps | Published |
|---|---|---|
| 0.268.0 | 8 / 10 | |
| 0.267.0 | 8 / 10 | |
| 0.266.0 | 8 / 10 | |
| 0.265.0 | 8 / 10 | |
| 0.264.0 | 8 / 10 | |
| 0.263.0 | 8 / 10 | |
| 0.262.1 | 8 / 10 | |
| 0.262.0 | 8 / 10 | |
| 0.261.1 | 8 / 10 | |
| 0.261.0 | 8 / 10 | |
| 0.260.2 | 8 / 10 | |
| 0.259.0 | 8 / 10 | |
| 0.258.0 | 8 / 10 | |
| 0.257.0 | 8 / 10 | |
| 0.255.0 | 8 / 10 | |
| 0.254.0 | 8 / 10 | |
| 0.253.0 | 8 / 10 | |
| 0.252.2 | 8 / 10 | |
| 0.252.1 | 8 / 10 | |
| 0.238.0 | 8 / 10 | |
| 0.237.0 | 8 / 10 | |
| 0.235.0 | 8 / 10 | |
| 0.234.0 | 8 / 10 | |
| 0.233.0 | 8 / 10 | |
| 0.232.0 | 8 / 10 | |
| 0.231.0 | 8 / 10 | |
| 0.230.0 | 8 / 10 | |
| 0.229.0 | 8 / 10 | |
| 0.228.0 | 8 / 10 | |
| 0.227.0 | 8 / 10 | |
| 0.226.0 | 8 / 10 | |
| 0.225.0 | 8 / 10 | |
| 0.224.0 | 8 / 10 | |
| 0.223.0 | 8 / 10 | |
| 0.222.0 | 8 / 10 | |
| 0.221.0 | 8 / 10 | |
| 0.220.0 | 8 / 10 | |
| 0.219.0 | 8 / 10 |
v0.268.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.267.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.266.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.264.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.263.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.262.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.262.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.261.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.261.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.260.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.259.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.258.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.257.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.255.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.254.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.253.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.252.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.252.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.238.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.237.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.235.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.234.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.233.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.232.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.231.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.230.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.229.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.228.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.227.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.226.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.225.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.224.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.223.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.222.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.221.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.220.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.219.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.