@clerk/clerk-react
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:eslint-config-custom | AI (dependencies): Internal monorepo lint config, not a real external dependency risk. | ai | |
| phantom-deps | phantom-dep:eslint-config-custom | AI (phantom-deps): Used via config files, not import; standard monorepo tooling pattern. | ai | |
| provenance | publisher-changed | AI (provenance): Clerk migrated publishing to GitHub Actions CI/CD with SLSA/Sigstore attestation. This is a legitimate and positive supply chain improvement for this org, not a takeover. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): Package has 4271 versions; dormancy reflects sub-package publish cadence variation, not project abandonment. Clerk is an active company. | ai | |
| phantom-deps | phantom-dep:tslib | AI (phantom-deps): tslib is a standard TypeScript runtime helper; phantom-dep detection is a known false positive for TypeScript-compiled packages. | ai |
Versions (showing 51 of 68)
| Version | Deps | Published |
|---|---|---|
| 5.61.9 | 2 / 3 | |
| 5.61.8 | 2 / 3 | |
| 5.61.7 | 2 / 3 | |
| 5.61.6 | 2 / 3 | |
| 5.61.5 | 2 / 3 | |
| 5.61.4 | 2 / 3 | |
| 5.61.3 | 2 / 3 | |
| 5.61.2 | 2 / 3 | |
| 5.61.1 | 2 / 3 | |
| 5.61.0 | 2 / 3 | |
| 5.60.2 | 2 / 3 | |
| 5.60.1 | 2 / 3 | |
| 5.60.0 | 2 / 3 | |
| 5.59.6 | 2 / 3 | |
| 5.59.5 | 2 / 3 | |
| 5.59.4 | 2 / 3 | |
| 5.59.3 | 2 / 3 | |
| 5.59.2 | 2 / 3 | |
| 5.59.1 | 2 / 3 | |
| 5.59.0 | 2 / 3 | |
| 5.58.1 | 2 / 3 | |
| 5.58.0 | 2 / 3 | |
| 5.57.1 | 2 / 3 | |
| 5.57.0 | 2 / 3 | |
| 5.56.2 | 2 / 3 | |
| 5.56.1 | 2 / 3 | |
| 5.56.0 | 2 / 3 | |
| 5.55.0 | 2 / 3 | |
| 5.54.0 | 2 / 3 | |
| 5.53.9 | 2 / 3 | |
| 5.53.8 | 2 / 3 | |
| 5.53.7 | 2 / 3 | |
| 5.53.6 | 2 / 3 | |
| 5.53.5 | 2 / 3 | |
| 5.53.4 | 3 / 3 | |
| 5.8.2 | 3 / 7 | |
| 5.8.1 | 3 / 7 | |
| 5.8.0 | 3 / 7 | |
| 5.7.0 | 3 / 7 | |
| 5.6.0 | 3 / 7 | |
| 5.5.0 | 3 / 7 | |
| 5.4.5 | 3 / 7 | |
| 5.4.4 | 3 / 7 | |
| 5.4.3 | 3 / 7 | |
| 5.4.2 | 3 / 7 | |
| 5.4.1 | 3 / 7 | |
| 5.4.0 | 3 / 7 | |
| 5.3.3 | 3 / 7 | |
| 5.3.2 | 3 / 7 | |
| 5.3.1 | 3 / 7 | |
| 5.3.0 | 3 / 7 |
v5.61.9
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.61.8
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.61.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.8.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.8.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.8.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.7.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.6.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.5.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.4.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.4.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.4.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.4.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.4.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.4.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.3.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.3.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.3.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v5.3.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.