@plumile/router
A modern, type-safe React router with code splitting, data preloading, and Suspense integration
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:lib/esm/routing/useNavigateWithQuery.js | AI (source-diff): Long lines are inline sourcemaps in compiled ESM output, not obfuscation. | ai | |
| source-diff | obfuscated-file:lib/esm/routing/devtools.js | AI (source-diff): Long lines are inline sourcemaps in compiled ESM output, not obfuscation. | ai | |
| source-diff | obfuscated-file:lib/esm/routing/filters.js | AI (source-diff): Long lines are inline sourcemaps in compiled ESM output, not obfuscation. | ai | |
| source-diff | obfuscated-file:lib/esm/routing/useActiveFilters.js | AI (source-diff): Long lines are inline sourcemaps in compiled ESM output, not obfuscation. | ai | |
| source-diff | obfuscated-file:lib/esm/routing/useStableRefEquality.js | AI (source-diff): Long lines are inline sourcemaps in compiled ESM output, not obfuscation. | ai | |
| source-diff | obfuscated-file:lib/esm/routing/useQueryObject.js | AI (source-diff): Long lines are inline sourcemaps in compiled ESM output, not obfuscation. | ai | |
| source-diff | obfuscated-file:lib/esm/type-tests/routes-inference.test-d.js | AI (source-diff): Type-test file; long line is inline source map footer. | ai | |
| source-diff | obfuscated-file:lib/esm/tools/buildCombinedSearch.js | AI (source-diff): Long lines are inline base64 source maps, not obfuscated logic; readable TS-compiled JS. | ai | |
| source-diff | obfuscated-file:lib/esm/tools/buildSearch.js | AI (source-diff): Long lines are base64 sourcemaps appended to readable compiled TS output, not obfuscation. | ai | |
| source-diff | obfuscated-file:lib/esm/type-tests/query-infer.test-d.js | AI (source-diff): Readable type-test file with inline sourcemap; not obfuscated. | ai | |
| source-diff | obfuscated-file:lib/esm/routing/useTypedQuery.js | AI (source-diff): Readable React hook with inline sourcemap; not obfuscated. | ai | |
| source-diff | obfuscated-file:lib/esm/tools/query-dsl.js | AI (source-diff): Readable compiled TS with inline sourcemap; not obfuscated. | ai | |
| source-diff | obfuscated-file:lib/esm/type-tests/useFilters-typed.test-d.js | AI (source-diff): Same inline sourcemap pattern; readable TS-compiled output. | ai | |
| source-diff | obfuscated-file:lib/esm/eslint-rules/no-direct-window-location-search.js | AI (source-diff): Long lines are inline sourcemaps appended to readable compiled ESM; not obfuscation. | ai | |
| source-diff | obfuscated-file:lib/esm/tools/query.js | AI (source-diff): Long lines are inline sourcemaps appended to readable compiled ESM; not obfuscation. | ai | |
| source-diff | obfuscated-file:lib/esm/routing/useAllQuery.js | AI (source-diff): Long lines are inline sourcemaps appended to readable compiled ESM; not obfuscation. | ai | |
| source-diff | obfuscated-file:lib/esm/routing/useFilters.js | AI (source-diff): Long lines are inline sourcemaps appended to readable compiled ESM; not obfuscation. | ai | |
| source-diff | obfuscated-file:lib/esm/routing/useQueryState.js | AI (source-diff): Long lines are inline sourcemaps appended to readable compiled ESM; not obfuscation. | ai | |
| source-diff | obfuscated-file:lib/esm/routing/RouterPrimitives.stories.js | AI (source-diff): Storybook story file compiled to ESM; long lines from bundled JSX, not obfuscation. | ai | |
| source-diff | obfuscated-file:lib/esm/routing/createStaticRouter.js | AI (source-diff): File is standard TypeScript ESM build output; long lines are minified but not obfuscated. Stable false positive for this package. | ai | |
| source-diff | obfuscated-file:lib/esm/instrumentation/adapters/performanceTimeline.js | AI (source-diff): Readable compiled ESM output; long lines from bundler, not obfuscation. | ai | |
| source-diff | obfuscated-file:lib/esm/values.js | AI (source-diff): Readable constants/utility file; long lines from bundler, not obfuscation. | ai | |
| source-diff | obfuscated-file:lib/routing/useQueryState.js | AI (source-diff): Readable compiled TS output; long-line trigger is sourcemap data. | ai | |
| source-diff | obfuscated-file:lib/asyncResource.js | AI (source-diff): Readable compiled TS output; long-line trigger is sourcemap data. | ai | |
| source-diff | obfuscated-file:lib/esm/asyncResource.js | AI (source-diff): Readable compiled TS output; long-line trigger is sourcemap data. | ai | |
| source-diff | obfuscated-file:lib/history/BrowserHistory.js | AI (source-diff): Readable compiled TS output; long-line trigger is sourcemap data. | ai | |
| source-diff | obfuscated-file:lib/tools/buildCombinedSearch.js | AI (source-diff): Readable compiled TS output; long-line trigger is sourcemap data. | ai | |
| source-diff | obfuscated-file:lib/builder.js | AI (source-diff): Readable compiled TS output; long-line trigger is sourcemap data. | ai | |
| source-diff | obfuscated-file:lib/routing/createRouter.js | AI (source-diff): Readable compiled TS output; long-line trigger is sourcemap data. | ai | |
| source-diff | obfuscated-file:lib/instrumentation/adapters/devtoolsBridge.js | AI (source-diff): Readable compiled TS output; long-line trigger is sourcemap data. | ai | |
| source-diff | obfuscated-file:lib/instrumentation/Instrumentation.js | AI (source-diff): Readable compiled TS output; long-line trigger is sourcemap data. | ai | |
| source-diff | obfuscated-file:lib/routing/Link.js | AI (source-diff): Readable compiled TS output; long-line trigger is sourcemap data. | ai | |
| source-diff | obfuscated-file:lib/eslint-rules/no-direct-window-location-search.js | AI (source-diff): Readable compiled TS output; long-line trigger is sourcemap data. | ai | |
| source-diff | obfuscated-file:lib/tools/query.js | AI (source-diff): Readable compiled TS output; long-line trigger is sourcemap data. | ai | |
| source-diff | obfuscated-file:lib/ResourcePage.js | AI (source-diff): Readable compiled TS output; long-line trigger is sourcemap data. | ai | |
| source-diff | obfuscated-file:lib/routing/RouteComponentWrapper.js | AI (source-diff): Readable compiled TS output; long-line trigger is sourcemap data. | ai | |
| source-diff | obfuscated-file:lib/routing/RouterRenderer.js | AI (source-diff): Readable compiled TS output; long-line trigger is sourcemap data. | ai | |
| source-diff | obfuscated-file:lib/tools.js | AI (source-diff): Readable compiled TS output; long-line trigger is sourcemap data. | ai | |
| source-diff | obfuscated-file:lib/types.js | AI (source-diff): Readable compiled TS output; long-line trigger is sourcemap data. | ai | |
| source-diff | obfuscated-file:lib/routing/useAllQuery.js | AI (source-diff): Readable compiled TS output; long-line trigger is sourcemap data. | ai | |
| source-diff | obfuscated-file:lib/routing/useFilters.js | AI (source-diff): Readable compiled TS output; long-line trigger is sourcemap data. | ai | |
| source-diff | obfuscated-file:lib/routing/index.js | AI (source-diff): Long lines are inline sourcemaps appended by TypeScript compiler, not obfuscation. | ai | |
| phantom-deps | phantom-dep:tslib | AI (phantom-deps): tslib is a declared runtime dependency used implicitly by TypeScript compiler output; stable false positive for TS-compiled packages. | ai | |
| source-diff | obfuscated-file:lib/esm/routing/useSearchParams.js | AI (source-diff): File is readable TypeScript-compiled ESM output; long-line trigger is a build artifact, not obfuscation. | ai |
Versions (showing 51 of 106)
| Version | Deps | Published |
|---|---|---|
| 0.1.161 | 2 / 5 | |
| 0.1.160 | 2 / 5 | |
| 0.1.159 | 2 / 5 | |
| 0.1.158 | 2 / 5 | |
| 0.1.157 | 2 / 5 | |
| 0.1.156 | 2 / 5 | |
| 0.1.154 | 2 / 5 | |
| 0.1.153 | 2 / 5 | |
| 0.1.152 | 2 / 5 | |
| 0.1.151 | 2 / 5 | |
| 0.1.150 | 2 / 5 | |
| 0.1.147 | 2 / 5 | |
| 0.1.146 | 2 / 5 | |
| 0.1.145 | 2 / 5 | |
| 0.1.144 | 2 / 5 | |
| 0.1.143 | 2 / 5 | |
| 0.1.142 | 2 / 5 | |
| 0.1.140 | 2 / 5 | |
| 0.1.134 | 2 / 5 | |
| 0.1.132 | 2 / 5 | |
| 0.1.131 | 2 / 5 | |
| 0.1.130 | 2 / 5 | |
| 0.1.125 | 2 / 5 | |
| 0.1.122 | 2 / 5 | |
| 0.1.120 | 2 / 5 | |
| 0.1.117 | 2 / 5 | |
| 0.1.116 | 2 / 5 | |
| 0.1.115 | 2 / 5 | |
| 0.1.114 | 2 / 5 | |
| 0.1.113 | 2 / 5 | |
| 0.1.112 | 2 / 5 | |
| 0.1.109 | 3 / 4 | |
| 0.1.108 | 3 / 4 | |
| 0.1.107 | 3 / 4 | |
| 0.1.106 | 3 / 4 | |
| 0.1.105 | 3 / 4 | |
| 0.1.104 | 3 / 4 | |
| 0.1.103 | 3 / 4 | |
| 0.1.102 | 3 / 4 | |
| 0.1.101 | 3 / 4 | |
| 0.1.99 | 3 / 4 | |
| 0.1.98 | 3 / 4 | |
| 0.1.97 | 3 / 4 | |
| 0.1.96 | 3 / 4 | |
| 0.1.95 | 3 / 4 | |
| 0.1.94 | 3 / 4 | |
| 0.1.92 | 3 / 4 | |
| 0.1.91 | 3 / 4 | |
| 0.1.90 | 3 / 4 | |
| 0.1.88 | 3 / 4 | |
| 0.1.87 | 3 / 4 |
v0.1.161
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.160
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.159
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.158
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.157
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.156
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.154
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.153
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.152
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.151
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.150
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.147
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.146
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.145
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.144
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.143
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.142
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.140
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.134
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.132
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.131
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.130
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.125
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.122
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.120
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.117
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.116
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.115
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.114
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.113
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.112
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.109
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.108
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.107
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.106
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.105
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.104
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.103
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.102
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.101
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.99
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.98
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.97
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.96
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.95
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.94
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.92
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.91
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.90
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.88
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.87
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.