naive-ui
1
Versions
—
License
No
Install Scripts
Missing
Provenance
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
No source commit
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
07akioni
Keywords
naive-uicomponent libraryui frameworkuivue
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:highlight.js | AI (phantom-deps): highlight.js is an optional runtime dep used for code highlighting in naive-ui; declared by convention, not a phantom risk. | ai | |
| phantom-deps | phantom-dep:@types/lodash | AI (phantom-deps): Type-only declaration package; no runtime impact. Stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@types/lodash-es | AI (phantom-deps): Type-only declaration package; no runtime impact. Stable false positive for this package. | ai | |
| provenance | no-provenance | AI (provenance): naive-ui is a well-established library; lack of Sigstore provenance is common and not a security risk here. | ai | |
| dependencies | unvetted-dep:evtd | AI (dependencies): evtd is a companion package authored by the same naive-ui maintainer (07akioni); not a third-party unknown. | ai | |
| dependencies | unvetted-dep:vdirs | AI (dependencies): vdirs is a companion package authored by the same naive-ui maintainer (07akioni); not a third-party unknown. | ai | |
| dependencies | unvetted-dep:vooks | AI (dependencies): vooks is a companion package authored by the same naive-ui maintainer (07akioni); not a third-party unknown. | ai | |
| dependencies | unvetted-dep:vueuc | AI (dependencies): vueuc is a companion package authored by the same naive-ui maintainer (07akioni); not a third-party unknown. | ai | |
| dependencies | unvetted-dep:seemly | AI (dependencies): seemly is a companion utility package authored by the same naive-ui maintainer (07akioni); not a third-party unknown. | ai | |
| dependencies | unvetted-dep:treemate | AI (dependencies): treemate is a companion utility package authored by the same naive-ui maintainer (07akioni); not a third-party unknown. | ai | |
| dependencies | unvetted-dep:css-render | AI (dependencies): css-render is a companion package authored by the same naive-ui maintainer (07akioni); not a third-party unknown. | ai | |
| dependencies | unvetted-dep:@css-render/vue3-ssr | AI (dependencies): @css-render/vue3-ssr is a companion package authored by the same naive-ui maintainer (07akioni); not a third-party unknown. | ai | |
| dependencies | unvetted-dep:@css-render/plugin-bem | AI (dependencies): @css-render/plugin-bem is a companion package authored by the same naive-ui maintainer (07akioni); not a third-party unknown. | ai |
Versions (showing 1 of 1)
| Version | Deps | Published |
|---|---|---|
| 2.44.1 | 18 / 57 |