← Home

@react-spectrum/menu

npm Repository Homepage

Spectrum UI components in React

100
Versions
Apache-2.0
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

devongovettaspro83

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
phantom-deps phantom-dep:@babel/runtime AI (phantom-deps): Framework-scoped Babel runtime loaded by convention in transpiled packages; stable pattern for this package. ai
phantom-deps phantom-dep:@react-stately/utils AI (phantom-deps): React Spectrum monorepo dependency referenced in config; expected for component libraries in this ecosystem. ai
phantom-deps phantom-dep:@react-aria/selection AI (phantom-deps): React Spectrum monorepo dependency referenced in config; expected for component libraries in this ecosystem. ai
phantom-deps phantom-dep:@react-aria/virtualizer AI (phantom-deps): React Spectrum monorepo dependency referenced in config; expected for component libraries in this ecosystem. ai
phantom-deps phantom-dep:@react-spectrum/divider AI (phantom-deps): Same-org scoped dependency; component composition is expected in Spectrum library. ai
phantom-deps phantom-dep:@react-spectrum/checkbox AI (phantom-deps): Same-org scoped dependency; component composition is expected in Spectrum library. ai
phantom-deps phantom-dep:@swc/helpers AI (phantom-deps): @swc/helpers is a known implicit runtime dependency of SWC-compiled code; stable for this package. ai
phantom-deps phantom-dep:@react-aria/overlays AI (phantom-deps): Transitive dependency referenced in config; expected for React Spectrum menu component. ai
phantom-deps phantom-dep:@react-stately/overlays AI (phantom-deps): Transitive dependency referenced in config; expected for React Spectrum menu component. ai

Versions (showing 100 of 210)

Hide prereleases
Version Deps Published
3.23.1 3 / 2
3.23.0 3 / 0
3.22.11 22 / 1
3.22.10 22 / 1
3.22.9 22 / 1
3.22.8 22 / 1
3.22.7 22 / 1
3.22.6 22 / 1
3.22.5 22 / 1
3.22.4 22 / 1
3.22.3 22 / 1
3.22.2 22 / 1
3.22.1 22 / 1
3.22.0 22 / 1
3.21.3 22 / 1
3.21.2 22 / 1
3.21.1 22 / 1
3.21.0 22 / 1
3.20.5 22 / 1
3.20.4 22 / 1
3.20.3 22 / 1
3.20.2 22 / 1
3.20.1 22 / 1
3.20.0 22 / 1
3.19.1 22 / 1
3.19.0 22 / 1
3.18.1 22 / 1
3.18.0 22 / 1
3.17.0 22 / 1
3.16.0 22 / 1
3.15.1 27 / 1
3.15.0 27 / 1
3.14.0 27 / 1
3.13.0 27 / 1
3.12.0 27 / 1
3.11.1 26 / 1
3.11.0 26 / 1
3.10.1 26 / 1
3.10.0 26 / 1
3.9.2 26 / 1
3.9.1 26 / 1
3.9.0 26 / 1
3.8.2 26 / 1
3.8.1 26 / 1
3.8.0 26 / 1
3.7.1 26 / 1
3.7.0 26 / 1
3.6.4 26 / 1
3.6.3 26 / 1
3.6.2 26 / 1
3.6.1 26 / 1
3.6.0 26 / 1
3.5.1 26 / 1
3.5.0 26 / 1
3.4.0 26 / 1
3.3.0 23 / 1
3.2.3 23 / 1
3.2.2 23 / 1
3.2.1 23 / 1
3.2.0 23 / 1
3.1.0 23 / 1
3.0.2 23 / 1
3.0.1 23 / 1
3.0.0 23 / 1
3.0.0-nightly-ffb1a9d0d-260323 3 / 0
3.0.0-nightly-ff8f6f319-251118 22 / 1
3.0.0-nightly-fc3ea3e8c-251029 22 / 1
3.0.0-nightly-f8d513f06-251119 22 / 1
3.0.0-nightly-f61e75cea-251124 22 / 1
3.0.0-nightly-f61e75cea-251123 22 / 1
3.0.0-nightly-f3e3157d0-260219 22 / 1
3.0.0-nightly-f3e3157d0-260218 22 / 1
3.0.0-nightly-f1aafc6ce-251105 22 / 1
3.0.0-nightly-efc581c91-260413 3 / 0
3.0.0-nightly-eef731921-260216 22 / 1
3.0.0-nightly-eef731921-260215 22 / 1
3.0.0-nightly-eef731921-260214 22 / 1
3.0.0-nightly-eec6c1a4d-251223 22 / 1
3.0.0-nightly-ee49fdbaf-260306 22 / 1
3.0.0-nightly-ec7736d18-260421 3 / 0
3.0.0-nightly-e3913baaa-260422 3 / 0
3.0.0-nightly-e24140214-260309 22 / 1
3.0.0-nightly-e24140214-260308 22 / 1
3.0.0-nightly-e24140214-260307 22 / 1
3.0.0-nightly-daafdd59d-260224 22 / 1
3.0.0-nightly-daafdd59d-260223 22 / 1
3.0.0-nightly-daafdd59d-260222 22 / 1
3.0.0-nightly-daafdd59d-260221 22 / 1
3.0.0-nightly-d974b93de-260227 22 / 1
3.0.0-nightly-cfb620016-260126 22 / 1
3.0.0-nightly-cfb620016-260125 22 / 1
3.0.0-nightly-cfb620016-260124 22 / 1
3.0.0-nightly-cf7c1541e-251113 22 / 1
3.0.0-nightly-cdbfe4816-260303 22 / 1
3.0.0-nightly-c8d64314e-260208 22 / 1
3.0.0-nightly-c8d64314e-260207 22 / 1
3.0.0-nightly-c80e3d1d6-251212 22 / 1
3.0.0-nightly-c5a3ae829-260331 3 / 0
3.0.0-nightly-c2517d3bb-260115 22 / 1
3.0.0-nightly-beda77877-260414 3 / 0
Showing 100 of 210 Next page →

v3.23.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.23.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.22.11

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.22.10

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.22.9

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.22.8

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.22.7

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.22.6

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.22.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.22.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.22.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.22.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.22.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.22.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.21.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.21.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.21.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.21.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.20.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.20.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.20.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.20.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.20.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.20.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.19.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.19.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.18.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.18.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.17.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.16.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.15.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.15.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.14.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.13.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.12.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.11.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.11.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.10.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.10.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.9.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.9.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.9.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.8.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.8.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.8.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.7.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.7.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.6.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.6.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.6.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.6.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.6.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.5.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.5.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.4.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.3.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.2.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.2.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.2.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.2.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.1.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.0.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.0.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.