All @radix-ui/react-tabs versions

@radix-ui/[email protected] rejected Risk: 98 MIT

@radix-ui/react-tabs @1.1.11

rejected
This version was rejected. It did not pass GreenFlagged's security review and is not served by the registry. The findings and risk dispositions below explain why.
npm Repository Homepage Tarball
98
Risk Score
MIT
License
No
Install Scripts
8
Dependencies
9
Dev Dependencies
8.5 KB
Package Size
Published

View docs [here](https://radix-ui.com/primitives/docs/components/tabs).

Maintainers

benoitgrelardstephenhaneyandy-hookhadihallakchancestricklandmark-workos

Dependencies (8)

PackageConstraintRegistry Status
@radix-ui/react-id 1.1.1 auto_approved
@radix-ui/primitive 1.1.2 auto_approved
@radix-ui/react-context 1.1.2 auto_approved
@radix-ui/react-presence 1.1.4 auto_approved
@radix-ui/react-direction 1.1.1 auto_approved
@radix-ui/react-primitive 2.1.2 auto_approved
@radix-ui/react-roving-focus 1.1.9 rejected
@radix-ui/react-use-controllable-state 1.2.2 pending

Dev Dependencies (9)

PackageConstraintRegistry Status
react ^19.1.0 auto_approved
eslint ^9.18.0 auto_approved
react-dom ^19.1.0 auto_approved
typescript ^5.7.3 auto_approved
@types/react ^19.0.7 auto_approved
@repo/builder 0.0.0 Not imported
@types/react-dom ^19.0.3 auto_approved
@repo/eslint-config 0.0.0 Not imported
@repo/typescript-config 0.0.0 Not imported

Transitive Dependency Tree

11 transitive deps max depth 2
  ├─ @radix-ui/primitive 1.1.2 → 1.1.2
  ├─ @radix-ui/react-context 1.1.2 → 1.1.2
  ├─ @radix-ui/react-direction 1.1.1 → 1.1.1
  ├─ @radix-ui/react-id 1.1.1 → 1.1.1
  ├─ @radix-ui/react-presence 1.1.4 → 1.1.4
  ├─ @radix-ui/react-primitive 2.1.2 → 2.1.2
  ├─ @radix-ui/react-roving-focus 1.1.9
├─ @radix-ui/react-use-controllable-state 1.2.2
  ├─ @radix-ui/react-compose-refs 1.1.2 → 1.1.2
  ├─ @radix-ui/react-slot 1.2.2
  ├─ @radix-ui/react-use-layout-effect 1.1.1 → 1.1.1

Changes from v1.0.2

Dependency Changes

ChangePackageVersion
removed @babel/runtime ^7.13.10
changed @radix-ui/react-id 1.0.0 → 1.1.1
changed @radix-ui/primitive 1.0.0 → 1.1.2
changed @radix-ui/react-context 1.0.0 → 1.1.2
changed @radix-ui/react-presence 1.0.0 → 1.1.4
changed @radix-ui/react-direction 1.0.0 → 1.1.1
changed @radix-ui/react-primitive 1.0.1 → 2.1.2
changed @radix-ui/react-roving-focus 1.0.2 → 1.1.9
changed @radix-ui/react-use-controllable-state 1.0.0 → 1.2.2

Script Changes

+ lint+ build+ typecheck - version

File Changes

4 added 3 removed 5 modified size delta: -9.7 KB

Risk Dispositions (1 applicable to this version, 0 other)

Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.

Rule Source Disposition Author Reason
bogus-package bogus-package reject AI AI (bogus-package): Inflated semver on first publish combined with impersonation of the @radix-ui namespace by a non-official publisher is a disqualifying signal for this package.

SAST Findings (3)

CRITICAL Low-value / spam package indicators (2 signals, score 3) bogus-package

[Always reject] Matched 2 signal(s), weighted score 3: • [S_README_NO_CODE] Short README with no code block, no install instructions, and no usage/API section. • [S_NO_KEYWORDS] No keywords declared.

HIGH Publisher changed: benoitgrelard → chancestrickland (on 2025-05-06) provenance

This version was published by a different npm account than previous versions on 2025-05-06. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Review Summary

Risk score: 98. Findings: 1 critical (+40), 1 high (+25), 3 medium (+30), 1 low (+3).

Published to npm: