react-router
Declarative routing for React
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | new-deps-added | AI (publish-pattern): @remix-run/router is the official companion package from the same Remix Software org; its addition is part of the documented v6 architecture and is stable for this package. | ai | |
| source-diff | source-size-dropped | AI (source-diff): Size drop reflects react-router v6's deliberate split across @remix-run/router and react-router-dom sibling packages, not code removal or stubbing. | ai | |
| source-diff | obfuscated-file:dist/development/router-cLsU7kHk.d.mts | AI (source-diff): TypeScript declaration file (.d.mts) with long lines due to concatenated type definitions — not obfuscated code. Stable false positive for this package's dist output. | ai | |
| source-diff | obfuscated-file:dist/production/router-cLsU7kHk.d.mts | AI (source-diff): TypeScript declaration file (.d.mts) with long lines due to concatenated type definitions — not obfuscated code. Stable false positive for this package's dist output. | ai | |
| source-diff | obfuscated-file:dist/development/instrumentation--6Pioq_G.d.ts | AI (source-diff): TypeScript declaration file (.d.ts) with long lines due to concatenated type definitions — not obfuscated code. Stable false positive for this package's dist output. | ai | |
| source-diff | obfuscated-file:dist/production/instrumentation--6Pioq_G.d.ts | AI (source-diff): TypeScript declaration file (.d.ts) with long lines due to concatenated type definitions — not obfuscated code. Stable false positive for this package's dist output. | ai |
Versions (showing 51 of 241)
| Version | Deps | Published |
|---|---|---|
| 7.16.0 | 2 / 13 | |
| 7.15.1 | 2 / 13 | |
| 7.15.0 | 2 / 13 | |
| 7.14.2 | 2 / 13 | |
| 7.14.1 | 2 / 13 | |
| 7.14.0 | 2 / 13 | |
| 7.13.2 | 2 / 13 | |
| 7.13.1 | 2 / 13 | |
| 7.13.0 | 2 / 13 | |
| 7.12.0 | 2 / 13 | |
| 6.30.4 | 1 / 2 | |
| 6.30.3 | 1 / 2 | |
| 6.30.2 | 1 / 2 | |
| 5.3.4 | 9 / 0 | |
| 5.3.3 | 10 / 0 | |
| 5.3.2 | 10 / 0 | |
| 5.3.1 | 10 / 0 | |
| 5.2.1 | 10 / 0 | |
| 5.2.0 | 10 / 0 | |
| 5.1.2 | 10 / 0 | |
| 5.1.1 | 10 / 0 | |
| 5.1.0 | 10 / 0 | |
| 5.0.1 | 10 / 23 | |
| 5.0.0 | 10 / 24 | |
| 4.3.1 | 7 / 25 | |
| 4.3.0 | 6 / 26 | |
| 4.2.0 | 7 / 23 | |
| 4.1.2 | 7 / 28 | |
| 4.1.1 | 7 / 28 | |
| 4.1.0 | 7 / 28 | |
| 4.0.0 | 5 / 29 | |
| 3.2.6 | 8 / 41 | |
| 3.2.5 | 8 / 41 | |
| 3.2.4 | 8 / 41 | |
| 3.2.3 | 8 / 41 | |
| 3.2.2 | 8 / 41 | |
| 3.2.1 | 7 / 41 | |
| 3.2.0 | 7 / 41 | |
| 3.0.5 | 7 / 41 | |
| 3.0.4 | 7 / 41 | |
| 3.0.3 | 5 / 42 | |
| 3.0.2 | 5 / 42 | |
| 3.0.1 | 5 / 42 | |
| 3.0.0 | 5 / 42 | |
| 2.8.1 | 5 / 41 | |
| 2.8.0 | 5 / 41 | |
| 2.7.0 | 5 / 41 | |
| 2.6.1 | 5 / 43 | |
| 2.6.0 | 5 / 44 | |
| 2.5.2 | 5 / 44 | |
| 2.5.1 | 5 / 44 |
v7.16.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.15.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.15.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.14.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.13.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.13.1
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.13.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.12.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.30.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.30.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.30.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.2.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.