@pmmmwh/react-refresh-webpack-plugin
An **EXPERIMENTAL** Webpack plugin to enable "Fast Refresh" (also previously known as _Hot Reloading_) for React components.
Versions: 34
License: MIT
Install Scripts: No
Provenance: Missing
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
No source commit
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
pmmmwh
Keywords
react, javascript, webpack, refresh, hmr, hotreload, livereload, live, edit, hot, reload
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | net-exec-file:client/utils/safeThis.js | AI (source-diff): File is a documented copy of core-js's global detection utility. Function('return this')() is a standard safe-global pattern, not malicious dynamic code execution. False positive for this package. | ai | |
| provenance | missing-githead | AI (provenance): Established publisher with 17 approved packages and 2328-day history; missing gitHead is likely a benign CI/CD environment change, not a supply chain indicator. | ai | |
| source-diff | large-new-source-files | AI (source-diff): Large file count increase is consistent with a major version bump (0.2.0→0.5.0) involving significant refactoring; no obfuscation or malicious code indicators present. | ai | |
| dependencies | unvetted-dep:sockjs-client | AI (dependencies): sockjs-client is a well-known WebSocket fallback library; its use is expected and legitimate in a HMR/dev-server webpack plugin like react-refresh-webpack-plugin. | ai | |
| dependencies | unvetted-peer-dep:webpack-plugin-serve | AI (dependencies): webpack-plugin-serve is a known optional dev server peer dep for this plugin; expected and benign. | ai | |
| dependencies | unvetted-peer-dep:webpack | AI (dependencies): webpack is the canonical bundler this plugin targets; it is a well-established package and an expected peer dependency. | ai | |
| dependencies | unvetted-dep:ansi-html | AI (dependencies): ansi-html is a well-known ANSI-to-HTML utility used legitimately in webpack dev tooling error overlays; its inclusion is consistent with this plugin's purpose. | ai | |
| dependencies | unvetted-peer-dep:webpack-hot-middleware | AI (dependencies): webpack-hot-middleware is a standard HMR peer dep for this plugin; well-established and expected. | ai | |
| dependencies | unvetted-peer-dep:sockjs-client | AI (dependencies): sockjs-client is a standard HMR transport peer dep for webpack dev tooling; well-established and expected here. | ai | |
| dependencies | unvetted-dep:html-entities | AI (dependencies): html-entities is a well-known HTML encoding/decoding utility; expected for error overlay rendering in this plugin. | ai | |
| dependencies | unvetted-dep:anser | AI (dependencies): anser is a well-known ANSI color parsing library used in React error overlays; stable dependency for this package. | ai | |
| dependencies | unvetted-dep:core-js-pure | AI (dependencies): core-js-pure is a standard polyfill library; expected dependency for broad browser compatibility in this webpack plugin. | ai | |
| dependencies | unvetted-dep:error-stack-parser | AI (dependencies): error-stack-parser is a standard stack trace parsing library; expected for React refresh error overlay functionality. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): anser is a well-known ANSI escape code parser; its addition is consistent with improved error overlay formatting in a dev-tools webpack plugin. | ai | |
| source-diff | net-exec-file:umd/client.min.js | AI (source-diff): umd/client.min.js is a legitimate UMD distribution bundle for the HMR client runtime. Network calls and dynamic module execution are expected for a webpack Hot Module Replacement plugin's client-side code. | ai | |
| provenance | no-provenance | AI (provenance): Lack of provenance is common for npm packages; no other risk signals present for this well-known webpack plugin. | ai | |
Versions (showing 34 of 34)
| Version | Deps | Published |
|---|---|---|
| 0.6.2 | 6 / 41 | |
| 0.6.1 | 6 / 41 | |
| 0.6.0 | 6 / 41 | |
| 0.5.17 | 7 / 44 | |
| 0.5.16 | 7 / 44 | |
| 0.5.15 | 7 / 44 | |
| 0.5.14 | 7 / 44 | |
| 0.5.13 | 7 / 44 | |
| 0.5.12 | 9 / 44 | |
| 0.5.11 | 9 / 43 | |
| 0.5.10 | 9 / 43 | |
| 0.5.9 | 9 / 43 | |
| 0.5.8 | 9 / 43 | |
| 0.5.7 | 9 / 43 | |
| 0.5.6 | 9 / 43 | |
| 0.5.5 | 9 / 43 | |
| 0.5.4 | 9 / 45 | |
| 0.5.3 | 9 / 45 | |
| 0.5.2 | 9 / 45 | |
| 0.5.1 | 9 / 43 | |
| 0.5.0 | 9 / 43 | |
| 0.4.3 | 6 / 35 | |
| 0.4.2 | 6 / 35 | |
| 0.4.1 | 6 / 36 | |
| 0.4.0 | 6 / 36 | |
| 0.3.3 | 6 / 14 | |
| 0.3.2 | 6 / 14 | |
| 0.3.1 | 6 / 14 | |
| 0.3.0 | 6 / 13 | |
| 0.2.0 | 5 / 6 | |
| 0.1.3 | 6 / 5 | |
| 0.1.2 | 6 / 5 | |
| 0.1.1 | 6 / 5 | |
| 0.1.0 | 6 / 3 | |