@storybook/preset-react-webpack

Storybook for React: Develop React Component in isolation with Hot Reloading

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

ndelangenshilmantmeasdayghengeveldwinkervsbecksyannbfkylegachjreinholdkasperpeulenvalentinpalkovicdomyenstorybook-bot

Keywords

storybook

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:@types/semver	AI (phantom-deps): Type-only dependency used by bundled TypeScript; not directly imported at runtime.	ai	2026/05/04
provenance	publisher-changed	AI (provenance): storybook-bot is the documented Storybook CI release account; transition from GitHub Actions is expected automation pattern.	ai	2026/05/04
phantom-deps	phantom-dep:fs-extra	AI (phantom-deps): Legitimate dep used in build/preset tooling; phantom-dep heuristic false positive for this package.	ai	2026/05/04
phantom-deps	phantom-dep:@storybook/react	AI (phantom-deps): Same-org peer/runtime dep; loaded by convention in Storybook preset architecture.	ai	2026/05/04
phantom-deps	phantom-dep:@babel/preset-flow	AI (phantom-deps): Babel preset loaded by name string at runtime, not via direct import; false positive for this package.	ai	2026/05/04
phantom-deps	phantom-dep:@types/node	AI (phantom-deps): Type-only dep; not directly imported at runtime by design.	ai	2026/05/04
source-diff	obfuscated-file:dist/framework-preset-react.js	AI (source-diff): Standard esbuild-bundled CJS output; minified format is expected for all dist files in this package.	ai	2026/05/04
source-diff	obfuscated-file:dist/loaders/react-docgen-loader.mjs	AI (source-diff): Bundled/minified build artifact for a webpack loader; content is readable React docgen logic, not obfuscated malware.	ai	2026/05/04
publish-pattern	new-deps-added	AI (publish-pattern): find-up is a well-known utility used directly in the docgen loader; benign addition.	ai	2026/05/04

Versions (showing 51 of 62)

View all versions

Version	Deps	Published
10.4.1	9 / 3	2026-05-22
10.4.0	9 / 3	2026-05-14
10.3.6	9 / 3	2026-04-29
10.3.5	9 / 3	2026-04-07
10.3.4	9 / 3	2026-04-02
10.3.3	9 / 3	2026-03-23
10.3.2	9 / 3	2026-03-23
10.3.1	9 / 3	2026-03-19
10.3.0	9 / 3	2026-03-18
10.2.19	9 / 3	2026-03-13
10.2.18	9 / 3	2026-03-13
10.2.17	9 / 3	2026-03-09
10.2.16	9 / 3	2026-03-06
10.2.15	9 / 3	2026-03-04
10.2.14	9 / 3	2026-03-02
10.2.13	9 / 3	2026-02-26
10.2.12	9 / 3	2026-02-24
10.2.11	9 / 3	2026-02-23
10.2.10	9 / 3	2026-02-18
10.2.9	9 / 3	2026-02-17
10.2.8	9 / 3	2026-02-09
10.2.7	9 / 3	2026-02-05
10.2.6	9 / 3	2026-02-04
10.2.5	9 / 3	2026-02-04
10.2.4	9 / 3	2026-02-02
10.2.3	9 / 3	2026-01-30
10.2.2	9 / 3	2026-01-30
10.2.1	9 / 3	2026-01-27
10.2.0	9 / 3	2026-01-21
10.1.11	9 / 3	2025-12-29
10.1.10	9 / 3	2025-12-17
10.1.9	9 / 3	2025-12-15
10.1.8	9 / 3	2025-12-12
10.1.7	9 / 3	2025-12-11
10.1.6	9 / 3	2025-12-10
10.1.5	9 / 3	2025-12-09
10.1.4	9 / 3	2025-12-03
10.1.3	9 / 3	2025-12-02
10.1.2	9 / 3	2025-11-28
10.1.1	9 / 3	2025-11-28
10.1.0	9 / 3	2025-11-26
10.0.8	9 / 3	2025-11-17
10.0.7	9 / 3	2025-11-11
10.0.6	9 / 3	2025-11-07
10.0.5	9 / 3	2025-11-05
10.0.4	9 / 3	2025-11-04
10.0.3	9 / 3	2025-11-03
10.0.2	9 / 3	2025-10-30
10.0.1	9 / 3	2025-10-29
10.0.0	9 / 3	2025-10-28
9.1.20	10 / 2	2026-03-05