@loadable/component
React code splitting made easy.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Documented maintainer transition from neoziro to kashey for the loadable-components project. kashey has a strong track record (530 approved packages). Legitimate handoff, not a compromise. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): Same maintainer transition event — kashey is a trusted, long-standing npm publisher. Stable accept for this package. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): react-is is an official React team package, widely trusted. Its addition is consistent with @loadable/component's React SSR use case. | ai |
Versions (showing 34 of 34)
| Version | Deps | Published |
|---|---|---|
| 5.16.7 | 3 / 0 | |
| 5.16.4 | 3 / 0 | |
| 5.16.3 | 3 / 0 | |
| 5.16.2 | 3 / 0 | |
| 5.15.3 | 3 / 0 | |
| 5.15.2 | 3 / 0 | |
| 5.15.0 | 3 / 0 | |
| 5.14.1 | 3 / 0 | |
| 5.14.0 | 3 / 0 | |
| 5.13.2 | 3 / 0 | |
| 5.13.1 | 3 / 0 | |
| 5.13.0 | 3 / 0 | |
| 5.12.0 | 2 / 0 | |
| 5.11.0 | 2 / 0 | |
| 5.10.3 | 2 / 0 | |
| 5.10.2 | 2 / 0 | |
| 5.10.1 | 2 / 0 | |
| 5.10.0 | 2 / 0 | |
| 5.9.0 | 1 / 0 | |
| 5.7.0 | 1 / 0 | |
| 5.6.1 | 1 / 0 | |
| 5.6.0 | 1 / 0 | |
| 5.5.0 | 1 / 0 | |
| 5.2.2 | 1 / 0 | |
| 5.2.1 | 1 / 0 | |
| 5.1.2 | 1 / 0 | |
| 5.0.1 | 1 / 0 | |
| 5.0.0 | 1 / 0 | |
| 4.0.2 | 1 / 0 | |
| 4.0.1 | 1 / 0 | |
| 4.0.0 | 1 / 0 | |
| 3.0.2 | 1 / 0 | |
| 3.0.1 | 1 / 0 | |
| 3.0.0 | 1 / 0 |
v5.16.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.16.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.16.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.16.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.15.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.15.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.15.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.14.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.14.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.13.2
2 findingsThis version was published by a different npm account than previous versions on 2020-09-14. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.13.1
2 findingsThis version was published by a different npm account than previous versions on 2020-07-02. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.13.0
2 findingsThis version was published by a different npm account than previous versions on 2020-06-29. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.12.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.11.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.10.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.10.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.10.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.10.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.9.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.7.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.6.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.6.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.5.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.2.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.2.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.1.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.