@mxmweb/rtext
> 统一富文本组件库,基于 Slate 与 React 封装,支持富文本编辑/渲染、Markdown/HTML/纯文本多源输入、模板字段、虚拟滚动与分段加载等能力。
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:lib_enter-e1LoilHd.js | AI (source-diff): Vite/Rollup bundle output for React component lib; minified but not obfuscated. | ai | |
| source-diff | net-exec-file:lib_enter-e1LoilHd.js | AI (source-diff): Bundled React component lib; network+exec pattern from bundled dependencies, not malicious. | ai | |
| source-diff | obfuscated-file:lib_enter-Cf6QOT_E.js | AI (source-diff): Vite/Rollup bundle output for a React component library; not obfuscated. | ai | |
| source-diff | net-exec-file:lib_enter-Cf6QOT_E.js | AI (source-diff): False positive on bundled React component lib; no real network+exec pattern. | ai | |
| source-diff | obfuscated-file:lib_enter-Dc5XyCCf.js | AI (source-diff): Vite/Rollup bundle output for a React component lib; minification is expected. | ai | |
| source-diff | net-exec-file:lib_enter-Dc5XyCCf.js | AI (source-diff): Bundled React component lib; network+exec pattern from bundled dependencies, not malicious. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Internal scoped package with 82 versions; sparse metadata is a consistent pattern across all versions, not a malware indicator. | ai | |
| typosquat | typosquat.levenshtein:next | AI (typosquat): Scoped package @mxmweb/rtext; Levenshtein match to 'next' is coincidental, not a typosquat attempt. | ai |
Versions (showing 51 of 81)
| Version | Deps | Published |
|---|---|---|
| 1.7.15 | 0 / 0 | |
| 1.7.13 | 0 / 0 | |
| 1.7.12 | 0 / 0 | |
| 1.7.11 | 0 / 0 | |
| 1.7.10 | 0 / 0 | |
| 1.7.8 | 0 / 0 | |
| 1.7.7 | 0 / 0 | |
| 1.7.5 | 0 / 0 | |
| 1.7.4 | 0 / 0 | |
| 1.7.3 | 0 / 0 | |
| 1.7.2 | 0 / 0 | |
| 1.7.1 | 0 / 0 | |
| 1.7.0 | 0 / 0 | |
| 1.6.23 | 0 / 0 | |
| 1.6.22 | 0 / 0 | |
| 1.6.21 | 0 / 0 | |
| 1.6.20 | 0 / 0 | |
| 1.6.19 | 0 / 0 | |
| 1.6.17 | 0 / 0 | |
| 1.6.16 | 0 / 0 | |
| 1.6.15 | 0 / 0 | |
| 1.6.14 | 0 / 0 | |
| 1.6.13 | 0 / 0 | |
| 1.6.12 | 0 / 0 | |
| 1.6.10 | 0 / 0 | |
| 1.6.9 | 0 / 0 | |
| 1.6.8 | 0 / 0 | |
| 1.6.7 | 0 / 0 | |
| 1.6.6 | 0 / 0 | |
| 1.6.5 | 0 / 0 | |
| 1.6.4 | 0 / 0 | |
| 1.6.3 | 0 / 0 | |
| 1.6.2 | 0 / 0 | |
| 1.6.1 | 0 / 0 | |
| 1.6.0 | 0 / 0 | |
| 1.5.9 | 0 / 0 | |
| 1.5.8 | 0 / 0 | |
| 1.5.7 | 0 / 0 | |
| 1.5.6 | 0 / 0 | |
| 1.5.5 | 0 / 0 | |
| 1.5.3 | 0 / 0 | |
| 1.4.4 | 0 / 0 | |
| 1.4.3 | 0 / 0 | |
| 1.4.2 | 0 / 0 | |
| 1.3.10 | 0 / 0 | |
| 1.3.9 | 0 / 0 | |
| 1.3.8 | 0 / 0 | |
| 1.3.7 | 0 / 0 | |
| 1.3.6 | 0 / 0 | |
| 1.3.3 | 0 / 0 | |
| 1.3.1 | 0 / 0 |
v1.7.13
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.7.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.23
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.22
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.21
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.20
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.19
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.17
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.16
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.5.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.5.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.5.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.5.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.