rc-util
Common Utils For React Component
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): afc163 is a known core maintainer of the react-component org; rotation from zombiej is a legitimate team handoff. | ai | |
| provenance | no-provenance | AI (provenance): Informational only; rc-util is a well-established package with trusted publishers. | ai |
Versions (showing 51 of 214)
| Version | Deps | Published |
|---|---|---|
| 5.44.4 | 2 / 28 | |
| 5.44.3 | 2 / 28 | |
| 5.44.2 | 2 / 28 | |
| 5.44.1 | 2 / 28 | |
| 5.44.0 | 2 / 28 | |
| 5.43.1 | 2 / 28 | |
| 5.43.0 | 2 / 26 | |
| 5.42.1 | 2 / 24 | |
| 5.42.0 | 2 / 24 | |
| 5.41.0 | 2 / 24 | |
| 5.40.1 | 2 / 24 | |
| 5.40.0 | 2 / 24 | |
| 5.39.3 | 2 / 24 | |
| 5.39.2 | 2 / 24 | |
| 5.39.1 | 2 / 23 | |
| 5.39.0 | 2 / 23 | |
| 5.38.2 | 2 / 23 | |
| 5.38.1 | 2 / 21 | |
| 5.38.0 | 2 / 21 | |
| 5.37.0 | 2 / 21 | |
| 5.36.0 | 2 / 21 | |
| 5.35.1 | 2 / 21 | |
| 5.35.0 | 2 / 21 | |
| 5.34.1 | 2 / 21 | |
| 5.34.0 | 2 / 21 | |
| 5.33.1 | 2 / 21 | |
| 5.33.0 | 2 / 21 | |
| 5.32.4 | 2 / 21 | |
| 5.32.3 | 2 / 21 | |
| 5.32.2 | 2 / 21 | |
| 5.32.1 | 2 / 21 | |
| 5.32.0 | 2 / 21 | |
| 5.31.2 | 2 / 21 | |
| 5.31.1 | 2 / 21 | |
| 5.31.0 | 2 / 21 | |
| 5.30.0 | 2 / 21 | |
| 5.29.3 | 2 / 21 | |
| 5.29.2 | 2 / 21 | |
| 5.29.1 | 2 / 21 | |
| 5.29.0 | 2 / 21 | |
| 5.28.0 | 2 / 21 | |
| 5.27.2 | 2 / 19 | |
| 5.27.1 | 2 / 19 | |
| 5.27.0 | 2 / 19 | |
| 5.26.0 | 3 / 20 | |
| 5.25.3 | 3 / 20 | |
| 5.25.2 | 3 / 20 | |
| 5.25.1 | 3 / 20 | |
| 5.25.0 | 3 / 20 | |
| 5.24.8 | 3 / 20 | |
| 5.24.6 | 3 / 20 |
v5.44.3
2 findings[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2024-12-24. This could indicate a legitimate maintainer transition or an account compromise.
v5.44.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.44.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.44.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.43.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.43.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.42.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.42.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.41.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.40.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.40.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.39.3
2 findingsThis version was published by a different npm account than previous versions on 2024-05-04. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.39.2
2 findings[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2024-05-04. This could indicate a legitimate maintainer transition or an account compromise.
v5.39.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.39.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.38.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.38.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.38.0
2 findings[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2023-10-12. This could indicate a legitimate maintainer transition or an account compromise.
v5.37.0
2 findings[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2023-08-23. This could indicate a legitimate maintainer transition or an account compromise.
v5.36.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.35.1
2 findings[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2023-08-04. This could indicate a legitimate maintainer transition or an account compromise.
v5.35.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.34.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.34.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.33.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.33.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.32.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.32.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.32.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.32.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.32.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.31.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.31.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.31.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.30.0
2 findings[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2023-04-17. This could indicate a legitimate maintainer transition or an account compromise.
v5.29.3
2 findings[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2023-03-29. This could indicate a legitimate maintainer transition or an account compromise.
v5.29.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.29.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.29.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.28.0
2 findings[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2023-02-20. This could indicate a legitimate maintainer transition or an account compromise.
v5.27.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.27.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.27.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.26.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.25.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.25.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.25.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.25.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.24.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.24.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.