connected-react-router
Versions: 2
License: —
Install Scripts: No
Provenance: Missing
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
gitHead linked
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
supasate
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:new-function-constructor | AI (semgrep): The new Function() usage is in a webpack-generated UMD bundle wrapper — standard UMD boilerplate, not dynamic code execution of user input. Stable false positive for this package. | ai | |
| dependencies | unvetted-dep:lodash.isequalwith | AI (dependencies): lodash.isequalwith is a well-known lodash modular package; its use here for deep equality comparison is legitimate and expected. | ai | |
| dependencies | unvetted-dep:redux-seamless-immutable | AI (dependencies): redux-seamless-immutable is an intentional runtime dependency supporting optional immutable state integration; its inclusion is consistent with the library's documented feature set across all versions. | ai | |
| phantom-deps | phantom-dep:redux-seamless-immutable | AI (phantom-deps): Declared but not directly imported because it's an optional integration dependency; this pattern is stable for this package across versions. | ai | |
| provenance | no-provenance | AI (provenance): Package predates Sigstore provenance; no provenance is expected for this established project and is not a security concern. | ai | |
v6.9.3
1 finding
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.5.0
1 finding
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.