@tanstack/eslint-plugin-router
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Legitimate transition to GitHub Actions CI/CD publishing for the TanStack org. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): lachlancollins is a known TanStack contributor; legitimate maintainer addition. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): TanStack monorepo publishes in batches; dormancy reflects release cadence, not compromise. | ai |
Versions (showing 24 of 24)
| Version | Deps | Published |
|---|---|---|
| 1.162.0 | 1 / 4 | |
| 1.161.6 | 1 / 4 | |
| 1.161.5 | 1 / 4 | |
| 1.161.4 | 1 / 4 | |
| 1.161.2 | 1 / 3 | |
| 1.155.0 | 1 / 3 | |
| 1.154.7 | 1 / 3 | |
| 1.141.0 | 1 / 3 | |
| 1.140.0 | 1 / 3 | |
| 1.139.0 | 1 / 3 | |
| 1.133.19 | 1 / 3 | |
| 1.133.3 | 1 / 3 | |
| 1.132.31 | 1 / 3 | |
| 1.132.21 | 1 / 3 | |
| 1.132.0 | 1 / 3 | |
| 1.131.2 | 1 / 3 | |
| 1.130.12 | 1 / 3 | |
| 1.129.7 | 1 / 3 | |
| 1.125.0 | 1 / 3 | |
| 1.121.21 | 1 / 3 | |
| 1.121.20 | 1 / 3 | |
| 1.121.19 | 1 / 3 | |
| 1.121.18 | 1 / 3 | |
| 1.120.17 | 1 / 3 |
v1.162.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.161.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.161.5
2 findingsThis version was published by a different npm account than previous versions on 2026-03-15. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.161.4
2 findingsThis version was published by a different npm account than previous versions on 2026-02-21. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.161.2
2 findingsThis version was published by a different npm account than previous versions on 2026-02-19. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.155.0
2 findingsThis version was published by a different npm account than previous versions on 2026-01-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.154.7
2 findingsThis version was published by a different npm account than previous versions on 2026-01-22. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.141.0
2 findingsThis version was published by a different npm account than previous versions on 2025-12-11. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.140.0
2 findingsThis version was published by a different npm account than previous versions on 2025-12-07. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.139.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.19
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.133.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.132.31
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.132.21
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.132.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.131.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.130.12
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.129.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.125.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.121.21
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.121.20
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.121.19
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.121.18
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.120.17
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.