@tanstack/react-router — Greenflagged

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

tannerlinsleytkdodoalemtuzlakkevinvandyschiller-manuel

Keywords

reactlocationrouterroutingasyncasync routertypescript

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): TanStack/router migrated to GitHub Actions CI/CD publishing with SLSA provenance attestation — this is an improvement in supply chain security, not a risk. Stable for this package.	ai	2026/04/26
maintainer-change	maintainer-added	AI (maintainer-change): lachlancollins is a known TanStack contributor; addition is consistent with legitimate team growth for this well-established project.	ai	2026/04/26
dependencies	unvetted-dep:@tanstack/history	AI (dependencies): First-party TanStack sibling package from the same monorepo (TanStack/router). Expected dependency; not a security concern.	ai	2026/04/25
dependencies	unvetted-dep:@tanstack/react-store	AI (dependencies): First-party TanStack package from the same ecosystem. Expected dependency for @tanstack/react-router; not a security concern.	ai	2026/04/25
dependencies	unvetted-dep:@tanstack/router-core	AI (dependencies): First-party TanStack sibling package from the same monorepo (TanStack/router). Expected core dependency; not a security concern.	ai	2026/04/25

Versions (showing 100 of 348)

Version	Deps	Published
1.154.10	6 / 8	2026-01-22
1.154.8	6 / 8	2026-01-22
1.154.7	6 / 8	2026-01-22
1.154.6	6 / 8	2026-01-21
1.154.5	6 / 8	2026-01-21
1.154.4	6 / 8	2026-01-21
1.154.3	6 / 8	2026-01-21
1.154.2	6 / 8	2026-01-21
1.154.1	6 / 8	2026-01-21
1.153.2	6 / 8	2026-01-19
1.153.1	6 / 8	2026-01-19
1.151.6	6 / 8	2026-01-18
1.151.3	6 / 8	2026-01-18
1.151.2	6 / 8	2026-01-18
1.151.1	6 / 8	2026-01-17
1.151.0	6 / 8	2026-01-17
1.150.0	6 / 8	2026-01-14
1.149.3	6 / 8	2026-01-13
1.147.3	6 / 8	2026-01-11
1.147.2	6 / 8	2026-01-10
1.147.1	6 / 8	2026-01-10
1.147.0	6 / 8	2026-01-10
1.146.2	6 / 8	2026-01-08
1.146.1	6 / 8	2026-01-08
1.146.0	6 / 8	2026-01-08
1.145.11	6 / 8	2026-01-07
1.145.7	6 / 8	2026-01-05
1.145.6	6 / 8	2026-01-05
1.144.0	6 / 8	2025-12-27
1.143.11	6 / 8	2025-12-26
1.143.6	6 / 8	2025-12-24
1.143.4	6 / 8	2025-12-23
1.143.3	6 / 8	2025-12-23
1.143.2	6 / 8	2025-12-23
1.142.13	6 / 8	2025-12-23
1.142.11	6 / 8	2025-12-22
1.142.8	6 / 8	2025-12-21
1.142.7	6 / 8	2025-12-21
1.142.6	6 / 8	2025-12-21
1.141.8	6 / 8	2025-12-19
1.141.6	6 / 8	2025-12-17
1.141.4	6 / 8	2025-12-17
1.141.2	6 / 8	2025-12-12
1.141.1	6 / 8	2025-12-11
1.141.0	6 / 8	2025-12-11
1.140.5	6 / 8	2025-12-10
1.140.1	6 / 8	2025-12-09
1.140.0	6 / 8	2025-12-07
1.139.16	6 / 8	2025-12-07
1.139.14	6 / 8	2025-12-02
1.139.13	6 / 8	2025-12-02
1.139.12	6 / 8	2025-11-29
1.139.11	6 / 8	2025-11-29
1.139.10	6 / 8	2025-11-27
1.139.9	6 / 8	2025-11-27
1.139.7	6 / 8	2025-11-26
1.139.6	6 / 8	2025-11-25
1.139.5	6 / 8	2025-11-25
1.139.3	6 / 8	2025-11-23
1.139.1	6 / 8	2025-11-21
1.139.0	6 / 8	2025-11-20
1.136.18	6 / 8	2025-11-19
1.136.17	6 / 8	2025-11-19
1.136.16	6 / 8	2025-11-19
1.136.15	6 / 8	2025-11-19
1.136.14	6 / 8	2025-11-19
1.136.13	6 / 8	2025-11-19
1.136.11	6 / 8	2025-11-19
1.136.10	6 / 8	2025-11-18
1.136.9	6 / 8	2025-11-18
1.136.8	6 / 8	2025-11-16
1.136.6	6 / 8	2025-11-16
1.136.5	6 / 8	2025-11-15
1.136.4	6 / 8	2025-11-15
1.136.3	6 / 8	2025-11-14
1.136.2	6 / 8	2025-11-14
1.136.1	6 / 8	2025-11-13
1.136.0	6 / 8	2025-11-13
1.135.2	6 / 8	2025-11-11
1.135.0	6 / 8	2025-11-09
1.134.20	6 / 8	2025-11-09
1.134.18	6 / 8	2025-11-09
1.134.17	6 / 8	2025-11-09
1.134.15	6 / 8	2025-11-08
1.134.13	6 / 8	2025-11-06
1.134.12	6 / 8	2025-11-04
1.134.9	6 / 8	2025-11-02
1.134.4	6 / 8	2025-10-31
1.133.36	6 / 8	2025-10-29
1.133.35	6 / 8	2025-10-28
1.133.32	6 / 8	2025-10-26
1.133.28	6 / 8	2025-10-25
1.133.27	6 / 8	2025-10-24
1.133.25	6 / 8	2025-10-23
1.133.22	6 / 8	2025-10-22
1.133.21	6 / 8	2025-10-21
1.133.20	6 / 8	2025-10-20
1.133.19	6 / 8	2025-10-20
1.133.18	6 / 8	2025-10-20
1.133.15	6 / 8	2025-10-19

Showing 100 of 348 Next page →

v1.154.10

2 findings

HIGH Publisher changed: tannerlinsley → GitHub Actions (on 2026-01-22) provenance

This version was published by a different npm account than previous versions on 2026-01-22. This could indicate a legitimate maintainer transition or an account compromise.