enzyme-adapter-react-15.4 MIT 18 versions

enzyme-adapter-react-15.4

npm Repository Homepage

JavaScript Testing utilities for React

18

Versions

MIT

License

No

Install Scripts

Missing

Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

airbnbenglencioninorataranoljharbintelligibabble

Keywords

javascriptshallow renderingshallowRendertestreactjsreactfluxtestingtest utilsassertion helperstddmocha

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): ljharb is a well-known, highly trusted npm publisher and documented enzyme ecosystem maintainer. The transition from intelligibabble is a legitimate handoff.	ai	2026/04/24
maintainer-change	maintainer-added	AI (maintainer-change): ljharb is a trusted, prominent npm maintainer with extensive track record. Addition is a legitimate maintainer transition for the enzyme project.	ai	2026/04/24
publish-pattern	new-deps-added	AI (publish-pattern): react-addons-test-utils is the official React 15.x test utilities package and is the core dependency this adapter is designed to wrap. Addition is entirely expected.	ai	2026/04/24
phantom-deps	phantom-dep:lodash	AI (phantom-deps): lodash is a legitimate declared dependency; phantom detection may miss indirect usage patterns in this build setup.	ai	2026/04/24
phantom-deps	phantom-dep:prop-types	AI (phantom-deps): prop-types is a legitimate declared dependency for React adapter packages; phantom detection may miss indirect usage patterns.	ai	2026/04/24
provenance	no-provenance	AI (provenance): Package was published in 2017, predating Sigstore provenance. Not a meaningful risk signal for packages of this vintage.	ai	2026/04/24

Versions (showing 18 of 18)

Version	Deps	Published
1.4.5	6 / 17	2022-11-04
1.4.4	6 / 15	2021-03-30
1.4.3	6 / 15	2021-01-19
1.4.2	6 / 15	2020-08-07
1.4.1	6 / 12	2019-10-10
1.4.0	6 / 12	2019-04-05
1.3.1	6 / 12	2019-03-12
1.3.0	6 / 12	2019-01-24
1.2.0	6 / 12	2018-11-08
1.1.1	6 / 12	2018-10-04
1.1.0	6 / 12	2018-08-25
1.0.6	6 / 12	2018-07-09
1.0.5	5 / 10	2017-11-05
1.0.4	5 / 6	2017-11-02
1.0.3	5 / 6	2017-10-27
1.0.2	6 / 5	2017-10-17
1.0.1	5 / 5	2017-10-03
1.0.0	5 / 5	2017-09-26

v1.4.5

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.4

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.3.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.3.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.2.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.1.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.1.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.6

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.5

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.4

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.2

2 findings

HIGH Publisher changed: intelligibabble → ljharb (on 2017-10-17) provenance

This version was published by a different npm account than previous versions on 2017-10-17. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.