@modern-js/plugin-i18n
A Progressive React Framework for modern web development.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | large-new-source-files | AI (source-diff): Major version refactor of established monorepo package; new files reflect expanded i18n functionality, not injected code. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): All new deps are well-known i18next ecosystem packages or same-org @modern-js/* packages; consistent with major version expansion. | ai | |
| source-diff | source-size-tripled | AI (source-diff): v2→v3 major version with 10 new runtime deps and expanded exports; size increase is expected. | ai | |
| dependencies | unvetted-dep:i18next-http-middleware | AI (dependencies): i18next-http-middleware is a standard i18next ecosystem package for server-side i18n; appropriate for this plugin. | ai | |
| phantom-deps | phantom-dep:@modern-js/utils | AI (phantom-deps): Same-org monorepo dep; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@swc/helpers | AI (phantom-deps): Known implicit SWC runtime dep; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@modern-js/plugin | AI (phantom-deps): Same-org monorepo dep; stable false positive for this package. | ai |
Versions (showing 34 of 34)
| Version | Deps | Published |
|---|---|---|
| 3.2.1 | 12 / 11 | |
| 3.2.0 | 12 / 11 | |
| 3.1.5 | 12 / 11 | |
| 3.1.4 | 12 / 11 | |
| 3.1.3 | 12 / 11 | |
| 3.1.2 | 12 / 14 | |
| 3.1.1 | 12 / 14 | |
| 3.1.0 | 12 / 14 | |
| 3.0.5 | 12 / 14 | |
| 3.0.4 | 12 / 14 | |
| 3.0.3 | 12 / 14 | |
| 3.0.2 | 12 / 14 | |
| 3.0.1 | 12 / 14 | |
| 3.0.0 | 12 / 14 | |
| 2.71.0 | 2 / 6 | |
| 2.70.8 | 2 / 6 | |
| 2.70.7 | 2 / 6 | |
| 2.70.6 | 2 / 6 | |
| 2.70.5 | 2 / 6 | |
| 2.70.4 | 2 / 6 | |
| 2.70.3 | 2 / 6 | |
| 2.70.2 | 2 / 6 | |
| 2.70.1 | 2 / 6 | |
| 2.70.0 | 2 / 6 | |
| 2.69.7 | 2 / 6 | |
| 2.69.6 | 2 / 6 | |
| 2.69.5 | 2 / 6 | |
| 2.69.4 | 2 / 6 | |
| 2.69.3 | 2 / 6 | |
| 2.69.2 | 2 / 6 | |
| 2.69.1 | 2 / 6 | |
| 2.69.0 | 2 / 6 | |
| 2.68.20 | 2 / 6 | |
| 2.68.19 | 2 / 6 |
v3.2.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.1.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.1.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.1.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.1.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.71.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.70.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.70.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.70.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.70.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.70.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.70.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.70.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.70.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.70.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.69.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.69.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.69.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.69.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.69.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.69.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.69.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.69.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.68.20
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.68.19
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.