gatsby-link

An enhanced Link component for Gatsby sites with support for resource prefetching

Supply chain provenance

Status for the latest visible version.

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

Keywords

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:dist/index.js	AI (source-diff): Minified output from microbundle build tool; readable React Link component code with no suspicious patterns. Standard for this package's new build setup.	ai	2026/04/24
source-diff	obfuscated-file:dist/index.modern.mjs	AI (source-diff): ESM minified output from microbundle; same benign React Link component code. Standard build artifact for this package.	ai	2026/04/24
provenance	publisher-changed	AI (provenance): Gatsby was acquired by Netlify; transition from pieh to serhalp-netlify is a legitimate org-level maintainer change.	ai	2026/04/24
maintainer-change	maintainer-added	AI (maintainer-change): New maintainers (mlgualtieri-gatsby, serhalp-netlify) are Netlify/Gatsby org members; expected post-acquisition.	ai	2026/04/24
maintainer-change	maintainer-removed	AI (maintainer-change): Removal of prior individual maintainer 'fk' is consistent with Gatsby→Netlify org transition.	ai	2026/04/24
phantom-deps	phantom-dep:@types/reach__router	AI (phantom-deps): Type definition package declared for downstream consumers; not directly imported but legitimately needed.	ai	2026/04/24

Version	Deps	Published
1.3.0	2 / 1	2017-07-19
1.0.9	2 / 1	2017-07-10
1.0.8	2 / 1	2017-07-09
1.0.1	2 / 1	2017-07-06
1.0.0	2 / 1	2017-07-06
5.17.0-react19.0	3 / 5	2025-11-24
5.17.0-next.0	3 / 5	2025-11-27
5.16.0-next.0	3 / 5	2025-08-27