@yugabytedb/perf-advisor-ui

Troubleshoot UI for Yugabyte applications

Versions: 6
License: MIT
Install Scripts: No
Provenance: Missing

Supply chain provenance

Status for the latest visible version.

No SLSA provenance | npm registry signatures | gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

ybnpmadminpgupta-ybharshdaryaniamiramm

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source Rule Reason Accepted by When
provenance no-provenance AI (provenance): Established org package; no provenance is consistent across all 167 versions. ai
dependencies unvetted-dep:material-ui-pickers-v4 AI (dependencies): Standard MUI date picker library; no malicious signal. ai
dependencies unvetted-dep:@yugabyte-ui-library/core AI (dependencies): Internal YugabyteDB UI library; consistent with package's org context. ai
phantom-deps phantom-dep:typescript AI (phantom-deps): TypeScript is a build-time tool referenced in config; not a runtime import concern. ai
dependencies unvetted-dep:@material-ui/lab AI (dependencies): Well-known MUI lab package; stable false positive for this UI library. ai
phantom-deps phantom-dep:highlight.js AI (phantom-deps): Syntax highlighting library; referenced in config files, not a security concern. ai
phantom-deps phantom-dep:material-ui-pickers-v4 AI (phantom-deps): Standard MUI date picker; phantom-dep is a false positive for this package. ai
phantom-deps phantom-dep:@yugabyte-ui-library/core AI (phantom-deps): Internal org library; phantom-dep is a false positive for this package. ai
phantom-deps phantom-dep:web-vitals AI (phantom-deps): Common React app dependency referenced in config; stable false positive. ai
phantom-deps phantom-dep:@svgr/rollup AI (phantom-deps): Build tool plugin; used in rollup config, not direct import. ai
phantom-deps phantom-dep:@types/react AI (phantom-deps): Framework-scoped type package; stable false positive for this package. ai
phantom-deps phantom-dep:react-router AI (phantom-deps): Rollup-bundled library; deps referenced in build config, not direct imports. ai
phantom-deps phantom-dep:react-toastify AI (phantom-deps): Rollup-bundled library; deps referenced in build config, not direct imports. ai
phantom-deps phantom-dep:clsx AI (phantom-deps): Rollup-bundled library; deps referenced in build config, not direct imports. ai
phantom-deps phantom-dep:@types/react-dom AI (phantom-deps): Framework-scoped type package; stable false positive for this package. ai
phantom-deps phantom-dep:react-router-dom AI (phantom-deps): Rollup-bundled library; deps referenced in build config, not direct imports. ai
phantom-deps phantom-dep:@types/react-router AI (phantom-deps): Framework-scoped type package; stable false positive for this package. ai
phantom-deps phantom-dep:@types/react-router-dom AI (phantom-deps): Framework-scoped type package; stable false positive for this package. ai
phantom-deps phantom-dep:@types/lodash-es AI (phantom-deps): Framework-scoped type package; stable false positive for this package. ai
phantom-deps phantom-dep:echarts AI (phantom-deps): Rollup-bundled library; deps referenced in build config, not direct imports. ai
phantom-deps phantom-dep:date-fns AI (phantom-deps): Rollup-bundled library; deps referenced in build config, not direct imports. ai
phantom-deps phantom-dep:prettier AI (phantom-deps): Rollup-bundled library; deps referenced in build config, not direct imports. ai
phantom-deps phantom-dep:lodash-es AI (phantom-deps): Rollup-bundled library; deps referenced in build config, not direct imports. ai
phantom-deps phantom-dep:react-ace AI (phantom-deps): Rollup-bundled library; deps referenced in build config, not direct imports. ai
phantom-deps phantom-dep:ace-builds AI (phantom-deps): Rollup-bundled library; deps referenced in build config, not direct imports. ai
phantom-deps phantom-dep:@types/node AI (phantom-deps): Framework-scoped type package; stable false positive for this package. ai
phantom-deps phantom-dep:date-fns-tz AI (phantom-deps): Rollup-bundled library; deps referenced in build config, not direct imports. ai

Versions (showing 6 of 6)

Version Deps Published
1.0.128 26 / 23
1.0.125 26 / 23
1.0.117 25 / 23
1.0.20 30 / 20
1.0.9 31 / 20
1.0.6 31 / 20

v1.0.128

1 finding
[INFO] No provenance attestation (provenance)

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.125

1 finding
[LOW] No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.117

1 finding
[LOW] No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.20

1 finding
[LOW] No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.9

1 finding
[LOW] No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.6

1 finding
[LOW] No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.