← Home

@radix-ui/react-slider

npm Repository Homepage

View docs [here](https://radix-ui.com/primitives/docs/components/slider).

13
Versions
MIT
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

hadihallakchancestricklandmark-workosnpm-workos

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
provenance publisher-changed AI (provenance): Known Radix UI team transition to WorkOS stewardship; chancestrickland is established maintainer. ai
maintainer-change maintainer-added AI (maintainer-change): Legitimate org transition; new maintainers are known WorkOS/Radix team members. ai
maintainer-change maintainer-removed AI (maintainer-change): Old maintainers removed as part of known Radix→WorkOS org restructuring. ai
publish-pattern dormant-publish AI (publish-pattern): Dormancy due to Radix UI org restructuring, not abandonment. ai
phantom-deps phantom-dep:@radix-ui/react-use-layout-effect AI (phantom-deps): Same-org internal dep; likely re-exported or used transitively. ai

Versions (showing 13 of 13)

Version Deps Published
1.4.0 11 / 7
1.3.6 11 / 9
1.3.5 11 / 9
1.3.4 11 / 9
1.3.3 11 / 9
1.3.1 11 / 9
1.3.0 11 / 9
1.2.4 11 / 10
1.2.3 11 / 10
1.2.2 11 / 2
1.2.1 11 / 2
1.2.0 11 / 2
1.0.0 12 / 2

v1.4.0

2 findings
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

INFO Publisher changed: chancestrickland → GitHub Actions (on 2026-06-06) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2026-06-06. This could indicate a legitimate maintainer transition or an account compromise.

v1.3.5

2 findings
HIGH Publisher changed: benoitgrelard → chancestrickland (on 2025-05-20) provenance

This version was published by a different npm account than previous versions on 2025-05-20. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.3.4

2 findings
HIGH Publisher changed: benoitgrelard → chancestrickland (on 2025-05-06) provenance

This version was published by a different npm account than previous versions on 2025-05-06. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.3.3

2 findings
HIGH Publisher changed: benoitgrelard → chancestrickland (on 2025-05-05) provenance

This version was published by a different npm account than previous versions on 2025-05-05. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.3.1

2 findings
HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: chancestrickland.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.3.0

2 findings
HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: chancestrickland.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.2.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.2.3

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: benoitgrelard → chancestrickland (on 2025-02-05) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2025-02-05. This could indicate a legitimate maintainer transition or an account compromise.

v1.2.2

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: benoitgrelard → chancestrickland (on 2024-12-13) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2024-12-13. This could indicate a legitimate maintainer transition or an account compromise.

v1.2.1

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: benoitgrelard → chancestrickland (on 2024-10-01) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2024-10-01. This could indicate a legitimate maintainer transition or an account compromise.

v1.2.0

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: benoitgrelard → vladmoroz (on 2024-06-19, known maintainer) provenance

This version was published by a different npm account (vladmoroz) than the most recent previously approved version (benoitgrelard) on 2024-06-19, but vladmoroz is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.