← Home

@react-spectrum/combobox

npm Repository Homepage

Spectrum UI components in React

100
Versions
Apache-2.0
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

devongovettaspro83

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
phantom-deps phantom-dep:@babel/runtime AI (phantom-deps): Standard transpilation dependency in React libraries; loaded by convention and expected in this context. ai
phantom-deps phantom-dep:@react-types/textfield AI (phantom-deps): Type definition package used by combobox component; standard pattern in React Spectrum ecosystem. ai
bogus-package bogus-package AI (bogus-package): Minor metadata signals; package is legitimate component library with clear purpose and proper repository. ai

Versions (showing 100 of 206)

Hide prereleases
Version Deps Published
3.17.1 3 / 2
3.17.0 3 / 0
3.16.7 25 / 1
3.16.6 25 / 1
3.16.5 25 / 1
3.16.4 25 / 1
3.16.3 25 / 1
3.16.2 25 / 1
3.16.1 25 / 1
3.16.0 25 / 1
3.15.5 25 / 1
3.15.4 25 / 1
3.15.3 25 / 1
3.15.2 25 / 1
3.15.1 25 / 1
3.15.0 25 / 1
3.14.1 25 / 1
3.14.0 25 / 1
3.13.4 25 / 1
3.13.3 25 / 1
3.13.2 25 / 1
3.13.1 25 / 1
3.13.0 25 / 1
3.12.5 25 / 1
3.12.4 25 / 1
3.12.3 25 / 1
3.12.2 25 / 1
3.12.1 25 / 1
3.12.0 25 / 1
3.11.2 25 / 1
3.11.1 25 / 1
3.11.0 25 / 1
3.10.3 25 / 1
3.10.2 25 / 1
3.10.1 25 / 1
3.10.0 25 / 1
3.9.0 25 / 1
3.8.3 25 / 1
3.8.2 25 / 1
3.8.1 25 / 1
3.8.0 25 / 1
3.7.2 25 / 1
3.7.1 25 / 1
3.7.0 25 / 1
3.6.0 25 / 1
3.5.1 25 / 1
3.5.0 25 / 1
3.4.1 25 / 1
3.4.0 25 / 1
3.3.0 25 / 1
3.2.4 25 / 1
3.2.3 25 / 1
3.2.2 25 / 1
3.2.1 25 / 1
3.2.0 25 / 1
3.1.1 25 / 1
3.1.0 25 / 1
3.0.1 25 / 1
3.0.0 25 / 1
3.0.0-nightly-ffb1a9d0d-260323 3 / 0
3.0.0-nightly-ff8f6f319-251118 25 / 1
3.0.0-nightly-fc3ea3e8c-251029 25 / 1
3.0.0-nightly-f8d513f06-251119 25 / 1
3.0.0-nightly-f61e75cea-251124 25 / 1
3.0.0-nightly-f61e75cea-251123 25 / 1
3.0.0-nightly-f3e3157d0-260219 25 / 1
3.0.0-nightly-f3e3157d0-260218 25 / 1
3.0.0-nightly-f1aafc6ce-251105 25 / 1
3.0.0-nightly-efc581c91-260413 3 / 0
3.0.0-nightly-eef731921-260216 25 / 1
3.0.0-nightly-eef731921-260215 25 / 1
3.0.0-nightly-eef731921-260214 25 / 1
3.0.0-nightly-eec6c1a4d-251223 25 / 1
3.0.0-nightly-ee49fdbaf-260306 25 / 1
3.0.0-nightly-ec7736d18-260421 3 / 0
3.0.0-nightly-e3913baaa-260422 3 / 0
3.0.0-nightly-e24140214-260309 25 / 1
3.0.0-nightly-e24140214-260308 25 / 1
3.0.0-nightly-e24140214-260307 25 / 1
3.0.0-nightly-daafdd59d-260224 25 / 1
3.0.0-nightly-daafdd59d-260223 25 / 1
3.0.0-nightly-daafdd59d-260222 25 / 1
3.0.0-nightly-daafdd59d-260221 25 / 1
3.0.0-nightly-d974b93de-260227 25 / 1
3.0.0-nightly-cfb620016-260126 25 / 1
3.0.0-nightly-cfb620016-260125 25 / 1
3.0.0-nightly-cfb620016-260124 25 / 1
3.0.0-nightly-cf7c1541e-251113 25 / 1
3.0.0-nightly-cdbfe4816-260303 25 / 1
3.0.0-nightly-c8d64314e-260208 25 / 1
3.0.0-nightly-c8d64314e-260207 25 / 1
3.0.0-nightly-c80e3d1d6-251212 25 / 1
3.0.0-nightly-c5a3ae829-260331 3 / 0
3.0.0-nightly-c2517d3bb-260115 25 / 1
3.0.0-nightly-beda77877-260414 3 / 0
3.0.0-nightly-b4382b073-260130 25 / 1
3.0.0-nightly-b321d7de8-260122 25 / 1
3.0.0-nightly-b321d7de8-260121 25 / 1
3.0.0-nightly-ac718c6cd-260402 3 / 0
3.0.0-nightly-ab5e6f3db-251110 25 / 1
Showing 100 of 206 Next page →

v3.17.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.17.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.16.7

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.16.6

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.16.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.16.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.16.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.16.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.16.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.16.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.15.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.15.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.15.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.15.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.15.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.15.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.14.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.14.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.13.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.13.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.13.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.13.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.13.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.12.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.12.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.12.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.12.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.12.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.12.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.11.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.11.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.11.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.10.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.10.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.10.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.10.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.9.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.8.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.8.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.8.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.8.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.7.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.7.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.7.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.6.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.5.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.5.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.4.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.4.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.3.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.2.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.2.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.2.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.2.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.2.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.1.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.1.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.0.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.