@frontegg/react-hooks
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@frontegg/redux-store | AI (dependencies): Internal Frontegg monorepo dependency; stable pattern across all versions of this package family. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Scoped sub-package of established Frontegg SDK; missing metadata is a pattern across all their packages. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Consistent with Frontegg's sub-package publishing pattern across 1237 versions. | ai | |
| phantom-deps | phantom-dep:@types/react | AI (phantom-deps): Type-only dev dependency; not imported at runtime by convention. | ai | |
| phantom-deps | phantom-dep:@types/react-is | AI (phantom-deps): Type-only dev dependency; not imported at runtime by convention. | ai |
Versions (showing 43 of 43)
| Version | Deps | Published |
|---|---|---|
| 7.110.0 | 8 / 0 | |
| 7.109.0 | 8 / 0 | |
| 7.108.0 | 8 / 0 | |
| 7.107.0 | 8 / 0 | |
| 7.106.0 | 8 / 0 | |
| 7.105.0 | 8 / 0 | |
| 7.104.0 | 8 / 0 | |
| 7.103.0 | 8 / 0 | |
| 7.102.0 | 8 / 0 | |
| 7.101.0 | 8 / 0 | |
| 7.100.0 | 8 / 0 | |
| 7.99.0 | 8 / 0 | |
| 7.98.0 | 8 / 0 | |
| 7.97.0 | 8 / 0 | |
| 7.96.0 | 8 / 0 | |
| 7.95.0 | 8 / 0 | |
| 7.94.0 | 8 / 0 | |
| 7.93.0 | 8 / 0 | |
| 7.92.0 | 8 / 0 | |
| 7.91.0 | 8 / 0 | |
| 7.90.0 | 8 / 0 | |
| 7.89.0 | 8 / 0 | |
| 7.88.0 | 8 / 0 | |
| 7.87.0 | 8 / 0 | |
| 7.86.0 | 8 / 0 | |
| 7.85.0 | 8 / 0 | |
| 7.84.0 | 8 / 0 | |
| 7.83.0 | 8 / 0 | |
| 7.82.0 | 8 / 0 | |
| 7.81.0 | 8 / 0 | |
| 7.80.0 | 8 / 0 | |
| 7.79.0 | 8 / 0 | |
| 7.78.0 | 8 / 0 | |
| 7.77.0 | 8 / 0 | |
| 7.76.0 | 8 / 0 | |
| 7.75.0 | 8 / 0 | |
| 7.74.0 | 8 / 0 | |
| 7.73.0 | 8 / 0 | |
| 7.72.0 | 8 / 0 | |
| 7.71.0 | 8 / 0 | |
| 7.70.0 | 8 / 0 | |
| 7.69.0 | 8 / 0 | |
| 7.68.0 | 8 / 0 |
v7.110.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.109.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.108.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.107.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.106.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.105.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.103.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.102.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.101.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.100.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.99.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.98.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.97.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.96.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.95.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.94.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.93.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.92.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.91.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.90.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.89.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.88.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.87.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.86.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.85.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.84.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.83.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.82.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.81.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.80.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.79.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.78.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.77.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.76.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.75.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.74.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.73.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.72.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.71.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.70.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.69.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.68.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.