← Home

@auth0/auth0-react

23
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

auth0-ossauth0npmauth0brokkrjesseleoktajeffoktajeffbsmith-auth0sanjay.manikandhanniltorresatkohenry.mcardlenicolas.villaloboschoahjosecarlos-chavez_atkotj.oktasgarcia-atkoroger.chanmaaantonelewisbyrne-oktatarunpreet.kaur

Keywords

auth0loginAuthorization Code Grant FlowPKCESingle Page Application authenticationSPA authenticationreact

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff source-size-tripled AI (source-diff): Large version gap in diff baseline (v2.1.0→v2.16.1); size growth is accumulated features. ai
source-diff encoded-string-file:dist/auth0-react.min.js AI (source-diff): Standard rollup-minified JS output; stable for this package. ai
provenance publisher-changed AI (provenance): Migration to GitHub Actions CI/CD with SLSA provenance; expected for Auth0 org. ai
source-diff encoded-string-file:dist/auth0-react.cjs.js AI (source-diff): Standard rollup-minified JS output; stable for this package. ai
source-diff encoded-string-file:dist/auth0-react.esm.js AI (source-diff): Standard rollup-minified JS output; stable for this package. ai
source-diff encoded-string-file:dist/auth0-react.js AI (source-diff): Standard rollup-minified JS output; stable for this package. ai
dependencies unvetted-dep:@auth0/auth0-spa-js AI (dependencies): @auth0/auth0-spa-js is Auth0's own first-party SPA SDK; stable dependency for this package across versions. ai
provenance no-provenance AI (provenance): Established Auth0 org package with 1.1M weekly downloads; lack of Sigstore provenance is not a meaningful risk signal here. ai

Versions (showing 23 of 23)

Version Deps Published
2.21.0 1 / 36
2.20.0 1 / 36
2.19.0 1 / 36
2.18.0 1 / 36
2.17.0 1 / 36
2.16.2 1 / 37
2.16.1 1 / 38
2.16.0 1 / 38
2.15.1 1 / 38
2.15.0 1 / 38
2.14.0 1 / 38
2.13.0 1 / 38
2.12.0 1 / 38
2.11.0 1 / 38
2.10.0 1 / 38
2.9.0 1 / 38
2.8.0 1 / 38
2.7.0 1 / 38
2.6.0 1 / 38
2.5.0 1 / 38
2.4.0 1 / 38
2.3.0 1 / 38
2.1.0 1 / 39

v2.21.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.20.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.19.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.18.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.17.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.3.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.