react-split-pane
React split-pane component with hooks and TypeScript
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/index.cjs | AI (source-diff): Standard Rollup/terser minified output of a React split-pane component. Readable structure, no suspicious patterns. | ai | |
| source-diff | obfuscated-file:dist/index.js | AI (source-diff): Standard Rollup/terser minified ESM output of a React split-pane component. Readable structure, no suspicious patterns. | ai | |
| provenance | publisher-changed | AI (provenance): Publisher changed back to tomkp, the original author (account age matches package age). Legitimate reclaim. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): wuweiweiwu was a previous co-maintainer; adding them back is consistent with project history. | ai |
Versions (showing 97 of 97)
| Version | Deps | Published |
|---|---|---|
| 3.2.0 | 0 / 24 | |
| 3.1.0 | 0 / 24 | |
| 3.0.6 | 0 / 24 | |
| 3.0.5 | 0 / 24 | |
| 3.0.4 | 0 / 24 | |
| 3.0.2 | 0 / 24 | |
| 3.0.1 | 0 / 24 | |
| 3.0.0 | 0 / 24 | |
| 2.0.3 | 8 / 25 | |
| 2.0.2 | 8 / 25 | |
| 2.0.0 | 8 / 24 | |
| 0.1.92 | 3 / 43 | |
| 0.1.91 | 3 / 39 | |
| 0.1.89 | 3 / 38 | |
| 0.1.87 | 3 / 32 | |
| 0.1.86 | 3 / 32 | |
| 0.1.85 | 5 / 30 | |
| 0.1.84 | 4 / 36 | |
| 0.1.83 | 4 / 36 | |
| 0.1.82 | 4 / 36 | |
| 0.1.81 | 4 / 40 | |
| 0.1.77 | 3 / 22 | |
| 0.1.76 | 5 / 19 | |
| 0.1.75 | 5 / 19 | |
| 0.1.74 | 5 / 19 | |
| 0.1.72 | 6 / 19 | |
| 0.1.71 | 5 / 19 | |
| 0.1.70 | 5 / 19 | |
| 0.1.69 | 5 / 19 | |
| 0.1.68 | 5 / 19 | |
| 0.1.67 | 5 / 18 | |
| 0.1.66 | 3 / 17 | |
| 0.1.65 | 3 / 23 | |
| 0.1.64 | 3 / 23 | |
| 0.1.63 | 3 / 24 | |
| 0.1.62 | 3 / 25 | |
| 0.1.61 | 2 / 25 | |
| 0.1.60 | 2 / 25 | |
| 0.1.59 | 2 / 25 | |
| 0.1.58 | 2 / 25 | |
| 0.1.57 | 2 / 25 | |
| 0.1.56 | 2 / 25 | |
| 0.1.55 | 2 / 25 | |
| 0.1.54 | 2 / 25 | |
| 0.1.53 | 2 / 25 | |
| 0.1.52 | 2 / 25 | |
| 0.1.51 | 2 / 25 | |
| 0.1.50 | 1 / 25 | |
| 0.1.49 | 1 / 25 | |
| 0.1.48 | 0 / 26 | |
| 0.1.47 | 0 / 25 | |
| 0.1.46 | 0 / 25 | |
| 0.1.45 | 0 / 25 | |
| 0.1.44 | 0 / 25 | |
| 0.1.43 | 0 / 22 | |
| 0.1.42 | 0 / 22 | |
| 0.1.40 | 0 / 22 | |
| 0.1.38 | 0 / 22 | |
| 0.1.37 | 0 / 22 | |
| 0.1.36 | 0 / 22 | |
| 0.1.35 | 1 / 22 | |
| 0.1.33 | 1 / 22 | |
| 0.1.31 | 1 / 22 | |
| 0.1.30 | 1 / 22 | |
| 0.1.29 | 1 / 18 | |
| 0.1.28 | 1 / 18 | |
| 0.1.27 | 1 / 17 | |
| 0.1.26 | 1 / 17 | |
| 0.1.25 | 1 / 16 | |
| 0.1.24 | 1 / 16 | |
| 0.1.23 | 1 / 16 | |
| 0.1.22 | 3 / 14 | |
| 0.1.20 | 3 / 13 | |
| 0.1.19 | 3 / 13 | |
| 0.1.18 | 3 / 13 | |
| 0.1.17 | 3 / 14 | |
| 0.1.16 | 3 / 11 | |
| 0.1.15 | 3 / 11 | |
| 0.1.14 | 3 / 11 | |
| 0.1.13 | 2 / 11 | |
| 0.1.11 | 2 / 11 | |
| 0.1.10 | 2 / 11 | |
| 0.1.9 | 2 / 11 | |
| 0.1.8 | 2 / 10 | |
| 0.1.7 | 2 / 10 | |
| 0.1.6 | 2 / 10 | |
| 0.1.5 | 2 / 10 | |
| 0.1.4 | 2 / 10 | |
| 0.1.2 | 2 / 10 | |
| 0.1.1 | 2 / 10 | |
| 0.1.0 | 2 / 10 | |
| 0.0.8 | 2 / 10 | |
| 0.0.7 | 2 / 10 | |
| 0.0.6 | 2 / 10 | |
| 0.0.5 | 2 / 10 | |
| 0.0.4 | 2 / 10 | |
| 0.0.3 | 2 / 10 |
v3.2.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.1
4 findingsThis version was published by a different npm account than previous versions on 2025-12-22. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.0
4 findingsThis version was published by a different npm account than previous versions on 2025-12-22. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.