@modern-js/server
A Progressive React Framework for modern web development.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:connect-history-api-fallback | AI (phantom-deps): Middleware used indirectly in server config; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:ws | AI (phantom-deps): WebSocket library used indirectly in server runtime; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:axios | AI (phantom-deps): HTTP client used indirectly in server utilities; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:http-compression | AI (phantom-deps): Compression middleware used indirectly in server runtime; stable pattern for this package. | ai | |
| typosquat | typosquat.levenshtein:semver | AI (typosquat): Scoped package @modern-js/server is a framework server package, not a typosquat of semver; Levenshtein match is spurious. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Framework sub-package; sparse README is expected for internal packages in a monorepo. | ai | |
| phantom-deps | phantom-dep:@modern-js/server-utils | AI (phantom-deps): Same-org sibling dependency; phantom-dep heuristic is a false positive here. | ai | |
| phantom-deps | phantom-dep:@swc/helpers | AI (phantom-deps): Known implicit SWC runtime dependency; stable false positive for this package. | ai | |
Versions (showing 34 of 34)
| Version | Deps | Published |
|---|---|---|
| 3.2.1 | 12 / 13 | |
| 3.2.0 | 12 / 13 | |
| 3.1.5 | 12 / 13 | |
| 3.1.4 | 12 / 13 | |
| 3.1.3 | 12 / 13 | |
| 3.1.2 | 12 / 13 | |
| 3.1.1 | 12 / 13 | |
| 3.1.0 | 12 / 13 | |
| 3.0.5 | 12 / 13 | |
| 3.0.4 | 12 / 13 | |
| 3.0.3 | 12 / 13 | |
| 3.0.2 | 12 / 13 | |
| 3.0.1 | 12 / 13 | |
| 3.0.0 | 12 / 13 | |
| 2.71.0 | 14 / 15 | |
| 2.70.8 | 14 / 15 | |
| 2.70.7 | 14 / 15 | |
| 2.70.6 | 14 / 15 | |
| 2.70.5 | 14 / 15 | |
| 2.70.4 | 14 / 15 | |
| 2.70.3 | 14 / 15 | |
| 2.70.2 | 14 / 15 | |
| 2.70.1 | 14 / 15 | |
| 2.70.0 | 14 / 15 | |
| 2.69.7 | 14 / 15 | |
| 2.69.6 | 14 / 15 | |
| 2.69.5 | 14 / 15 | |
| 2.69.4 | 14 / 15 | |
| 2.69.3 | 14 / 15 | |
| 2.69.2 | 14 / 15 | |
| 2.69.1 | 14 / 15 | |
| 2.69.0 | 14 / 15 | |
| 2.68.20 | 14 / 15 | |
| 2.68.19 | 14 / 15 | |
v3.2.1
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1.5
2 findings:
- Package name '@modern-js/server' is 1 edit(s) away from popular package 'semver'.
- Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.1.4
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.1.3
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.1.2
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.1.1
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.1.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.5
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.4
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.3
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.2
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.1
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.71.0
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.70.8
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.70.7
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.70.6
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.70.5
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.70.4
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.70.3
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.70.2
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.70.1
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.70.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.69.7
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.69.6
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.69.5
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.69.4
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.69.3
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.69.2
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.69.1
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.69.0
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.68.20
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.68.19
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.