mobx
Simple, scalable state management.
100
Versions
MIT
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
gitHead linked
Maintainers
fredycmweststratecapajjillesandykogxaviergonz
Keywords
mobxmobservableobservablereact-componentreactreactjsreactivemodelfrpfunctional-reactive-programmingstate managementdata flow
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | net-exec-file:dist/mobx.esm.development.js | AI (source-diff): Standard MobX build artifact; false positive on error-message table and debugger helper. | ai | |
| provenance | publisher-changed | AI (provenance): Transition from personal account to GitHub Actions CI/CD; confirmed by SLSA provenance. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): Mature package with infrequent releases; 220-day gap is normal for stable libraries. | ai | |
| install-scripts | install-script:postinstall | AI (install-scripts): Postinstall runs `yarn --cwd website install` but `website` dir is not in published files. Dev-workflow leftover, no-op for consumers. | ai | |
| provenance | no-provenance | AI (provenance): MobX is a long-established, high-trust package published well before Sigstore provenance was widely adopted on npm. Absence of provenance is not a risk signal here. | ai | |
| semgrep | semgrep:new-function-constructor | AI (semgrep): MobX uses new Function() to construct named debugger helper functions for improved dev-mode stack traces — a documented, intentional pattern in this package, not a security risk. | ai |
Versions (showing 100 of 206)
| Version | Deps | Published |
|---|---|---|
| 4.15.2 | 0 / 34 | |
| 4.15.1 | 0 / 34 | |
| 4.15.0 | 0 / 33 | |
| 4.14.1 | 0 / 33 | |
| 4.14.0 | 0 / 33 | |
| 4.13.1 | 0 / 33 | |
| 4.13.0 | 0 / 33 | |
| 4.12.0 | 0 / 33 | |
| 4.11.0 | 0 / 33 | |
| 4.10.0 | 0 / 33 | |
| 4.9.4 | 0 / 36 | |
| 4.9.3 | 0 / 36 | |
| 4.9.2 | 0 / 34 | |
| 4.9.1 | 0 / 34 | |
| 4.9.0 | 0 / 34 | |
| 4.8.0 | 0 / 33 | |
| 4.7.0 | 0 / 33 | |
| 4.6.0 | 0 / 33 | |
| 4.5.2 | 0 / 33 | |
| 4.5.1 | 0 / 33 | |
| 4.5.0 | 0 / 33 | |
| 4.4.2 | 0 / 33 | |
| 4.4.1 | 0 / 33 | |
| 4.4.0 | 0 / 33 | |
| 4.3.2 | 0 / 33 | |
| 4.3.1 | 0 / 32 | |
| 4.3.0 | 0 / 32 | |
| 4.2.1 | 0 / 32 | |
| 4.2.0 | 0 / 32 | |
| 4.1.1 | 0 / 32 | |
| 4.1.0 | 0 / 32 | |
| 4.0.2 | 0 / 32 | |
| 4.0.1 | 0 / 32 | |
| 4.0.0 | 0 / 32 | |
| 3.6.2 | 0 / 31 | |
| 3.6.1 | 0 / 31 | |
| 3.6.0 | 0 / 31 | |
| 3.5.1 | 0 / 31 | |
| 3.4.1 | 0 / 30 | |
| 3.4.0 | 0 / 30 | |
| 3.3.3 | 0 / 30 | |
| 3.3.2 | 0 / 30 | |
| 3.3.1 | 0 / 30 | |
| 3.3.0 | 0 / 30 | |
| 3.2.2 | 0 / 28 | |
| 3.2.1 | 0 / 28 | |
| 3.2.0 | 0 / 28 | |
| 3.1.17 | 0 / 28 | |
| 3.1.16 | 0 / 28 | |
| 3.1.15 | 0 / 27 | |
| 3.1.14 | 0 / 27 | |
| 3.1.11 | 0 / 27 | |
| 3.1.10 | 0 / 21 | |
| 3.1.9 | 0 / 20 | |
| 3.1.8 | 0 / 20 | |
| 3.1.7 | 0 / 20 | |
| 3.1.5 | 0 / 20 | |
| 3.1.4 | 0 / 20 | |
| 3.1.3 | 0 / 20 | |
| 3.1.2 | 0 / 20 | |
| 3.1.0 | 0 / 20 | |
| 3.0.2 | 0 / 20 | |
| 3.0.1 | 0 / 18 | |
| 3.0.0 | 0 / 18 | |
| 2.7.0 | 0 / 17 | |
| 2.6.5 | 0 / 17 | |
| 2.6.4 | 0 / 17 | |
| 2.6.3 | 0 / 17 | |
| 2.6.2 | 0 / 17 | |
| 2.6.1 | 0 / 17 | |
| 2.6.0 | 0 / 17 | |
| 2.5.2 | 0 / 17 | |
| 2.5.1 | 0 / 17 | |
| 2.5.0 | 0 / 17 | |
| 2.4.4 | 0 / 17 | |
| 2.4.3 | 0 / 17 | |
| 2.4.2 | 0 / 17 | |
| 2.4.1 | 0 / 17 | |
| 2.4.0 | 0 / 17 | |
| 2.3.7 | 0 / 17 | |
| 2.3.6 | 0 / 17 | |
| 2.3.5 | 0 / 16 | |
| 2.3.4 | 0 / 15 | |
| 2.3.3 | 0 / 15 | |
| 2.3.2 | 0 / 15 | |
| 2.3.1 | 0 / 15 | |
| 2.3.0 | 0 / 15 | |
| 2.2.2 | 0 / 15 | |
| 2.2.1 | 0 / 15 | |
| 2.2.0 | 0 / 15 | |
| 2.1.7 | 0 / 15 | |
| 2.1.6 | 0 / 15 | |
| 2.1.5 | 0 / 15 | |
| 2.1.4 | 0 / 15 | |
| 2.1.3 | 0 / 15 | |
| 2.1.2 | 0 / 15 | |
| 2.1.1 | 0 / 15 | |
| 2.1.0 | 0 / 15 | |
| 2.0.6 | 0 / 15 | |
| 2.0.5 | 0 / 15 |
Showing 100 of 206
Next page →