SUPPLY-CHAIN REPORT

shadcn-ui/ui

A set of beautifully-designed, accessible components and a code distribution platform. Works with your favorite frameworks. Open Source. Open Code.

VERDICTCLEAN·100/100

View on GitHub →

STARS

112,530

FORKS

8,560

OPEN ISSUES

1,824

LANGUAGE

TypeScript

LICENSE

MIT

LAST PUSH

2026-04-16

SIGNALS

Historical supply-chain incidents

No known compromise, backdoor, or wallet-drainer incident in our curated DB.

Historical security advisories

No published security advisories on this repo.

Maintenance activity

Actively maintained. Last push 1 days ago.

Ecosystem trust

112,530 stars. Widely used — supply-chain attacks on popular repos are high-impact but also more likely to be caught fast.

License

MIT

METHODOLOGY

This report is generated on demand by querying the GitHub API for repository metadata and published security advisories, then cross-referencing our curated database of known supply-chain incidents (xz-utils, event-stream, ua-parser-js, colors.js, tj-actions, Codecov, and more). Results are cached for 24 hours. We do not scan repository code or dependencies — for that, see Snyk or Socket. Verdict: CLEAN ≥80, CAUTION 50–79, COMPROMISED<50.

SCAN A DEPLOYED SITE

Repo looks clean but the live deployment might still be exposing headers, CORS, or SSL misconfigurations.

SCAN A URL →

SCANNING shadcn-ui/ui...