@floating-ui/react — Greenflagged

Floating UI for React

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

fezvrastaatomiks

Keywords

tooltippopoverdropdownmenupopuppositioningreactreact-dom

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
publish-pattern	new-deps-added	AI (publish-pattern): @floating-ui/utils is a first-party package from the same floating-ui monorepo/publisher; adding it is an expected refactor, not a supply-chain risk.	ai	2026/04/23
dependencies	unvetted-peer-dep:react-dom	AI (dependencies): react-dom is a standard peer dependency for React libraries; unvetted peer dep status is expected and acceptable.	ai	2026/04/23
provenance	missing-githead	AI (provenance): atomiks is a long-standing trusted publisher with 440 approved packages; missing gitHead reflects a publish environment change, not a supply chain compromise signal for this package.	ai	2026/04/23
provenance	no-provenance	AI (provenance): Lack of Sigstore provenance is a process gap, not a security indicator, for this well-established package from a trusted publisher.	ai	2026/04/23
dependencies	unvetted-dep:@floating-ui/react-dom	AI (dependencies): @floating-ui/react-dom is a sibling package in the same ecosystem; unvetted status is expected and acceptable for this package.	ai	2026/04/21

Versions (showing 83 of 83)

Version	Deps	Published
0.27.19	3 / 18	2026-03-03
0.27.18	3 / 18	2026-02-17
0.27.17	3 / 18	2026-01-27
0.27.16	3 / 18	2025-08-21
0.27.15	3 / 18	2025-07-30
0.27.14	3 / 18	2025-07-27
0.27.13	3 / 18	2025-06-28
0.27.12	3 / 18	2025-06-02
0.27.11	3 / 18	2025-06-02
0.27.10	3 / 18	2025-05-31
0.27.9	3 / 18	2025-05-26
0.27.8	3 / 17	2025-04-23
0.27.7	3 / 17	2025-04-10
0.27.6	3 / 17	2025-04-02
0.27.5	3 / 17	2025-02-28
0.27.4	3 / 17	2025-02-07
0.27.3	3 / 17	2025-01-07
0.27.2	3 / 17	2024-12-16
0.27.1	3 / 17	2024-12-15
0.27.0	3 / 17	2024-12-06
0.26.28	3 / 17	2024-11-15
0.26.27	3 / 17	2024-10-31
0.26.26	3 / 17	2024-10-30
0.26.25	3 / 17	2024-10-14
0.26.24	3 / 17	2024-09-15
0.26.23	3 / 17	2024-08-25
0.26.22	3 / 17	2024-08-07
0.26.21	3 / 17	2024-08-05
0.26.20	3 / 17	2024-07-22
0.26.19	3 / 17	2024-06-30
0.26.18	3 / 17	2024-06-25
0.26.17	3 / 17	2024-06-13
0.26.16	3 / 17	2024-05-20
0.26.15	3 / 17	2024-05-15
0.26.14	3 / 17	2024-05-13
0.26.13	3 / 17	2024-04-28
0.26.12	3 / 17	2024-04-10
0.26.11	3 / 17	2024-04-05
0.26.10	3 / 17	2024-03-26
0.26.9	3 / 17	2024-02-03
0.26.8	3 / 17	2024-01-28
0.26.7	3 / 17	2024-01-26
0.26.6	3 / 17	2024-01-16
0.26.5	3 / 17	2024-01-06
0.26.4	3 / 16	2023-12-11
0.26.3	3 / 16	2023-11-27
0.26.2	3 / 16	2023-11-08
0.26.1	3 / 16	2023-10-14
0.26.0	3 / 16	2023-10-02
0.25.4	3 / 16	2023-09-06
0.25.3	3 / 16	2023-09-01
0.25.2	3 / 16	2023-08-27
0.25.1	3 / 16	2023-08-10
0.25.0	4 / 16	2023-07-28
0.24.8	3 / 16	2023-07-15
0.24.7	3 / 16	2023-07-13
0.24.6	3 / 16	2023-07-07
0.24.5	3 / 16	2023-07-04
0.24.4	3 / 16	2023-07-04
0.24.3	3 / 18	2023-06-11
0.24.2	3 / 18	2023-05-29
0.24.1	3 / 18	2023-05-13
0.24.0	3 / 18	2023-04-30
0.23.1	3 / 18	2023-04-19
0.23.0	3 / 18	2023-04-10
0.22.3	3 / 18	2023-04-02
0.22.2	3 / 18	2023-03-26
0.22.1	3 / 18	2023-03-25
0.22.0	3 / 18	2023-03-19
0.21.1	3 / 18	2023-03-14
0.21.0	3 / 18	2023-03-12
0.20.1	3 / 15	2023-03-02
0.20.0	3 / 15	2023-03-01
0.19.2	3 / 15	2023-02-12
0.19.1	3 / 15	2023-02-01
0.19.0	3 / 15	2023-01-28
0.18.1	3 / 15	2023-01-23
0.18.0	3 / 15	2023-01-16
0.17.0	3 / 15	2023-01-10
0.16.0	3 / 15	2023-01-07
0.15.1	3 / 15	2023-01-01
0.15.0	3 / 15	2022-12-26
0.14.0	3 / 26	2022-12-10

v0.27.18

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.27.17

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.