@workday/canvas-kit-react
The parent module that contains all Workday Canvas Kit React components
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/commonjs/pill/lib/Pill.js | AI (source-diff): Long lines are inlined CSS-in-JS style strings from canvas-kit-styling; not obfuscation. Stable pattern for this package. | ai | |
| source-diff | obfuscated-file:dist/es6/pill/lib/Pill.js | AI (source-diff): Same CSS-in-JS build artifact pattern; not obfuscation. Stable for this package. | ai | |
| semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): Used in a documented object proxy/theming utility; standard JS Proxy pattern, not obfuscation. | ai | |
| phantom-deps | phantom-dep:@workday/canvas-kit-preview-react | AI (phantom-deps): Same org scope (@workday); declared as dep, likely used in dist bundle rather than direct import. | ai |
Versions (showing 25 of 25)
| Version | Deps | Published |
|---|---|---|
| 15.0.7 | 19 / 2 | |
| 15.0.6 | 19 / 2 | |
| 15.0.5 | 19 / 2 | |
| 15.0.4 | 19 / 2 | |
| 15.0.3 | 19 / 2 | |
| 15.0.2 | 19 / 2 | |
| 15.0.1 | 19 / 2 | |
| 15.0.0 | 19 / 2 | |
| 14.3.16 | 18 / 2 | |
| 14.3.15 | 18 / 2 | |
| 14.3.14 | 18 / 2 | |
| 14.3.13 | 18 / 2 | |
| 14.3.12 | 18 / 2 | |
| 14.3.11 | 18 / 2 | |
| 14.3.10 | 18 / 2 | |
| 14.3.9 | 18 / 2 | |
| 14.3.8 | 18 / 2 | |
| 14.3.7 | 18 / 2 | |
| 14.3.6 | 18 / 2 | |
| 14.3.5 | 18 / 2 | |
| 14.3.4 | 18 / 2 | |
| 14.3.3 | 18 / 2 | |
| 14.3.2 | 18 / 2 | |
| 14.3.1 | 18 / 2 | |
| 13.2.57 | 17 / 2 |
v15.0.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.0.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.0.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.0.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.0.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.0.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.0.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.0.0
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v14.3.16
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v14.3.15
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v14.3.14
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v14.3.13
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v14.3.12
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v14.3.11
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v14.3.10
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v14.3.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v14.3.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v14.3.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v14.3.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v14.3.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v14.3.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v14.3.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v14.3.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v14.3.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v13.2.57
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.