rc-resize-observer
Resize observer for React
25
Versions
MIT
License
No
Install Scripts
Missing
Provenance
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
gitHead linked
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
afc163zombiej
Keywords
reactreact-componentreact-resize-observerresize-observer
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | net-exec-file:dist/umi.a64e07a9.js | AI (source-diff): False positive: standard webpack bundle for dumi docs site. Dynamic module loading patterns in webpack bundles routinely trigger this rule without being malicious. | ai | |
| source-diff | obfuscated-file:dist/umi.a64e07a9.js | AI (source-diff): This is a dumi documentation site webpack bundle, not malicious obfuscation. Content is consistent with React/UMI documentation build output for this package. | ai | |
| source-diff | obfuscated-file:dist/255.a589cfdb.async.js | AI (source-diff): Webpack async chunk from dumi documentation build. Content shows standard React component utilities, not malicious code. | ai | |
| source-diff | obfuscated-file:dist/514.c30380c0.async.js | AI (source-diff): Webpack async chunk from dumi documentation build. Content shows SVG icons and React components, not malicious code. | ai | |
| source-diff | source-size-tripled | AI (source-diff): Size increase explained by addition of full dumi documentation site build artifacts in dist/. Intentional per package.json files array and postpublish gh-pages deployment. | ai | |
| source-diff | obfuscated-file:dist/demos.c4cd89a6.async.js | AI (source-diff): Webpack async chunk from dumi documentation build containing resize observer demo code. Clearly legitimate. | ai | |
| source-diff | obfuscated-file:dist/docs__index.md.8f778c32.async.js | AI (source-diff): Webpack async chunk from dumi documentation build containing rendered markdown docs. Clearly legitimate. | ai | |
| provenance | publisher-changed | AI (provenance): afc163 and zombiej are both known react-component/Ant Design ecosystem maintainers; the 2020 transition is a legitimate org-level handoff, not a compromise. | ai | |
| phantom-deps | phantom-dep:classnames | AI (phantom-deps): classnames is declared as a runtime dependency in package.json for this package; the phantom-dep finding is a false positive for this package's structure. | ai |
Versions (showing 25 of 25)
| Version | Deps | Published |
|---|---|---|
| 1.4.3 | 4 / 24 | |
| 1.4.2 | 4 / 24 | |
| 1.4.1 | 4 / 24 | |
| 1.4.0 | 4 / 24 | |
| 1.3.1 | 4 / 22 | |
| 1.3.0 | 4 / 22 | |
| 1.2.1 | 4 / 22 | |
| 1.2.0 | 4 / 22 | |
| 1.1.2 | 4 / 22 | |
| 1.1.1 | 4 / 22 | |
| 1.1.0 | 4 / 22 | |
| 1.0.1 | 4 / 22 | |
| 1.0.0 | 4 / 19 | |
| 0.3.0 | 4 / 19 | |
| 0.2.6 | 4 / 19 | |
| 0.2.5 | 4 / 19 | |
| 0.2.4 | 4 / 19 | |
| 0.2.3 | 4 / 18 | |
| 0.2.2 | 3 / 18 | |
| 0.2.1 | 3 / 18 | |
| 0.2.0 | 3 / 18 | |
| 0.1.3 | 3 / 18 | |
| 0.1.2 | 3 / 18 | |
| 0.1.1 | 3 / 18 | |
| 0.1.0 | 3 / 18 |