[compliance] Other Compliance Findings #86
Description
Other Compliance Findings
Findings that do not match a known compliance theme
Rules
CON-PFM-010: See entity definition
Findings (3)
| Rule | File | Verdict | Evidence |
|---|---|---|---|
CON-PFM-010 |
package.json |
WARN | Multiple third-party dependencies present including @radix-ui components, @tanstack/react-table, lucide-react, and vario |
CON-PFM-010 |
packages/showcase/package.json |
WARN | Multiple third-party dependencies without explicit approval documentation: @faker-js/faker, @hookform/resolvers, bcryptj |
CON-PFM-010 |
packages/ui-kit/package.json |
FAIL | Multiple third-party extensions included without evidence of explicit approval: @radix-ui/* components (25+ packages), @ |
Suggested Actions
- CON-PFM-010: Add metadata fields to document approval status for third-party dependencies, maintain an allowlist of approved packages, and ensure all third-party packages have undergone required security and quality review before inclusion in SaaS builds.
Auto-generated by compliance-checker | Scan: 2026-02-28 | Commit: fac255ddf75c