react-addons-shallow-compare
> **Note:**
> This is a legacy React addon, and is no longer maintained.
>
> We don't encourage using it in new code, but it exists for backwards compatibility.
> The recommended migration path is to use [`React.PureComponent`](https://facebook.github.io/re
Versions: 27
License: MIT
Install Scripts: No
Provenance: Missing
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
No source commit
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
gaearon, brianvaughn, fb, trueadm, sophiebits
Keywords
react, react-addon
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| maintainer-change | maintainer-added | AI (maintainer-change): Added maintainers (flarnie, trueadm, acdlite, brianvaughn) are all known React core team members at Facebook. Legitimate team evolution, not a takeover. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): Removal of graue alongside addition of React core team members is consistent with normal team rotation on the facebook/react project. | ai | |
| source-diff | source-size-tripled | AI (source-diff): Size increase from 53B to 7KB is explained by addition of webpack-built UMD bundles (react-addons-shallow-compare.js/.min.js) as part of the React addon build pipeline introduced in this version. | ai | |
| provenance | publisher-changed | AI (provenance): spicyj (Ben Alpert) and gaearon (Dan Abramov) are both React core team members at Facebook; this is a legitimate internal maintainer transition, not a compromise. | ai | |
| phantom-deps | phantom-dep:object-assign | AI (phantom-deps): object-assign is a standard polyfill used across the React ecosystem; config-only reference in a thin shim is expected. | ai | |
| bogus-package | bogus-package | AI (bogus-package): react-addons-* packages are intentionally thin shims with minimal READMEs and near-empty index.js files — this is the documented pattern for all React 15.x addon packages. | ai | |
| phantom-deps | phantom-dep:fbjs | AI (phantom-deps): fbjs is a canonical Facebook/React utility library; its presence as a config-referenced dep in a React addon shim is expected and benign. | ai | |
Versions (showing 27 of 27)
| Version | Deps | Published |
|---|---|---|
| 15.6.3 | 1 / 4 | |
| 15.6.2 | 2 / 4 | |
| 15.6.0 | 2 / 4 | |
| 15.5.2 | 2 / 4 | |
| 15.5.1 | 2 / 4 | |
| 15.5.0 | 2 / 4 | |
| 15.4.2 | 2 / 0 | |
| 15.4.1 | 0 / 0 | |
| 15.4.0 | 0 / 0 | |
| 15.3.2 | 0 / 0 | |
| 15.3.1 | 0 / 0 | |
| 15.3.0 | 0 / 0 | |
| 15.2.1 | 0 / 0 | |
| 15.2.0 | 0 / 0 | |
| 15.1.0 | 0 / 0 | |
| 15.0.2 | 0 / 0 | |
| 15.0.1 | 0 / 0 | |
| 15.0.0 | 0 / 0 | |
| 0.14.8 | 0 / 0 | |
| 0.14.7 | 0 / 0 | |
| 0.14.6 | 0 / 0 | |
| 0.14.5 | 0 / 0 | |
| 0.14.4 | 0 / 0 | |
| 0.14.3 | 0 / 0 | |
| 0.14.2 | 0 / 0 | |
| 0.14.1 | 0 / 0 | |
| 0.14.0 | 0 / 0 | |