← Home

rc-tools

npm Repository Homepage

offline tools for react component

74
Versions
MIT
License
Yes
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

paranoidjkyesmeckyiminghe

Keywords

reacttools

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
dependencies unvetted-dep:request AI (dependencies): request is a well-known HTTP library; deprecated but not malicious. Its use in a build toolchain is benign. ai
phantom-deps phantom-dep:eslint-plugin-jsx-a11y AI (phantom-deps): ESLint plugin referenced in toolchain config files — standard pattern, not a security concern. ai
phantom-deps phantom-dep:eslint-config-prettier AI (phantom-deps): ESLint config referenced in toolchain config files — standard pattern, not a security concern. ai
phantom-deps phantom-dep:eslint-plugin-import AI (phantom-deps): ESLint plugin referenced in config files provided by this toolchain package — standard pattern, not a security concern. ai
phantom-deps phantom-dep:url-loader AI (phantom-deps): Config-referenced dependency in a build tool; stable false positive. ai
phantom-deps phantom-dep:less-loader AI (phantom-deps): Config-referenced dependency in a build tool; stable false positive. ai
phantom-deps phantom-dep:style-loader AI (phantom-deps): Config-referenced dependency in a build tool; stable false positive. ai
phantom-deps phantom-dep:normalize.css AI (phantom-deps): Config-referenced dependency in a build tool; stable false positive. ai
phantom-deps phantom-dep:postcss-loader AI (phantom-deps): Config-referenced dependency in a build tool; stable false positive. ai
phantom-deps phantom-dep:babel-preset-env AI (phantom-deps): Config-referenced dependency in a build tool; stable false positive. ai
phantom-deps phantom-dep:console-polyfill AI (phantom-deps): Config-referenced dependency in a build tool; stable false positive. ai
phantom-deps phantom-dep:svg-sprite-loader AI (phantom-deps): Config-referenced dependency in a build tool; stable false positive. ai
phantom-deps phantom-dep:babel-preset-react AI (phantom-deps): Config-referenced dependency in a build tool; stable false positive. ai
phantom-deps phantom-dep:eslint-plugin-react AI (phantom-deps): Config-referenced dependency in a build tool; stable false positive. ai
phantom-deps phantom-dep:babel-preset-stage-0 AI (phantom-deps): Config-referenced dependency in a build tool; stable false positive. ai
phantom-deps phantom-dep:eslint-config-airbnb AI (phantom-deps): Config-referenced dependency in a build tool; stable false positive. ai
phantom-deps phantom-dep:es5-shim AI (phantom-deps): rc-tools is a build tool that injects config referencing these packages into consumer projects; phantom-dep findings for config-referenced deps are stable false positives for this package. ai
phantom-deps phantom-dep:es6-shim AI (phantom-deps): Same as es5-shim — config-referenced dependency in a build tool, not a security concern. ai
phantom-deps phantom-dep:fastclick AI (phantom-deps): Config-referenced dependency in a build tool; stable false positive. ai
phantom-deps phantom-dep:html5shiv AI (phantom-deps): Config-referenced dependency in a build tool; stable false positive. ai
phantom-deps phantom-dep:ts-loader AI (phantom-deps): Config-referenced dependency in a build tool; stable false positive. ai
phantom-deps phantom-dep:css-loader AI (phantom-deps): Config-referenced dependency in a build tool; stable false positive. ai
phantom-deps phantom-dep:es6-promise AI (phantom-deps): Config-referenced dependency in a build tool; stable false positive. ai
phantom-deps phantom-dep:file-loader AI (phantom-deps): Config-referenced dependency in a build tool; stable false positive. ai
phantom-deps phantom-dep:babel-loader AI (phantom-deps): rc-tools intentionally declares build tool deps loaded by convention; phantom-dep findings are structural false positives for this package. ai
phantom-deps phantom-dep:babel-eslint AI (phantom-deps): rc-tools intentionally declares build tool deps loaded by convention; phantom-dep findings are structural false positives for this package. ai
phantom-deps phantom-dep:prettier AI (phantom-deps): rc-tools is a build tooling meta-package; phantom deps are config-template references for consuming projects, not security issues. ai
phantom-deps phantom-dep:@babel/core AI (phantom-deps): rc-tools is a build tooling meta-package; phantom deps are framework-scoped references loaded by convention, not security issues. ai
provenance publisher-changed AI (provenance): Publisher change from zombiej to chenshuai2144 occurred in 2019 (5+ years ago) within the react-component org. This is a historical, legitimate maintainer transition, not a recent suspicious takeover. ai
phantom-deps phantom-dep:typescript AI (phantom-deps): rc-tools is a build tooling meta-package; phantom deps are config-template references for consuming projects, not security issues. ai
phantom-deps phantom-dep:less AI (phantom-deps): rc-tools is a build tooling meta-package; phantom deps are config-template references for consuming projects, not security issues. ai
phantom-deps phantom-dep:babel-core AI (phantom-deps): rc-tools is a build tooling meta-package; phantom deps are config-template references for consuming projects, not security issues. ai
semgrep semgrep:dynamic-require AI (semgrep): Dynamic require is used to load the consuming project's package.json via resolveCwd — standard and expected pattern for a build tool. ai
semgrep semgrep:child-process-import AI (semgrep): child_process.spawn is used to run build commands (webpack, gulp, etc.) — core functionality of a CLI build tool, not malicious. ai
install-scripts install-script:postinstall AI (install-scripts): rc-tools postinstall runs 'node lib/init.js' — a local initialization script for a build toolchain, not fetching remote code. Stable pattern across all versions. ai

Versions (showing 74 of 274)

Show 1 prerelease
Version Deps Published
4.1.9 45 / 2
4.1.8 45 / 2
4.1.7 45 / 2
4.1.6 45 / 2
4.1.5 45 / 2
4.1.4 42 / 2
4.1.3 40 / 2
4.1.2 40 / 2
4.1.1 40 / 2
4.1.0 40 / 2
4.0.0 38 / 2
3.4.0 38 / 2
3.3.2 29 / 2
3.3.1 29 / 2
3.3.0 25 / 2
3.2.6 26 / 0
3.2.5 26 / 0
3.2.4 26 / 0
3.2.3 26 / 0
3.2.2 26 / 0
3.2.1 26 / 0
3.2.0 26 / 0
3.1.5 24 / 0
3.1.4 24 / 0
3.1.3 24 / 0
3.1.2 24 / 0
3.1.1 24 / 0
3.1.0 24 / 0
3.0.9 23 / 0
3.0.8 23 / 0
3.0.7 23 / 0
3.0.6 23 / 0
3.0.5 23 / 0
3.0.4 23 / 0
3.0.3 23 / 0
3.0.2 23 / 0
3.0.1 21 / 0
3.0.0 21 / 0
2.2.4 23 / 0
2.2.3 23 / 0
2.2.2 23 / 0
2.2.1 23 / 0
2.2.0 23 / 0
2.1.7 23 / 0
2.1.6 24 / 0
2.1.5 24 / 0
2.1.4 23 / 0
2.1.3 23 / 0
2.1.2 23 / 0
2.1.1 23 / 0
2.1.0 22 / 0
2.0.2 22 / 0
2.0.1 22 / 0
2.0.0 22 / 0
1.2.8 15 / 0
1.2.7 15 / 0
1.2.6 15 / 0
1.2.5 15 / 0
1.2.4 15 / 0
1.2.3 15 / 0
1.2.2 15 / 0
1.2.1 14 / 0
1.2.0 14 / 0
1.1.5 12 / 0
1.1.4 12 / 0
1.1.3 12 / 0
1.1.2 12 / 0
1.1.1 12 / 0
1.1.0 12 / 0
1.0.4 10 / 0
1.0.3 10 / 0
1.0.2 10 / 0
1.0.1 10 / 0
1.0.0 9 / 0