@react-three/xr No license 12 versions

@react-three/xr

npm Repository Homepage

12

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

sniokdrcmdacodyjasonbennettbela-bohlender

Keywords

r3fxrarvrthree.jsreacttypescript

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
typosquat	typosquat.levenshtein:pg	AI (typosquat): Scoped package @react-three/xr cannot be a typosquat of pg; edit-distance match is spurious.	ai	2026/05/26
typosquat	typosquat.levenshtein:qs	AI (typosquat): Scoped package @react-three/xr cannot be a typosquat of qs; edit-distance match is spurious.	ai	2026/05/26
dependencies	unvetted-dep:@pmndrs/xr	AI (dependencies): First-party sibling from the same pmndrs org and repo; stable dependency relationship.	ai	2026/05/26

Versions (showing 12 of 12)

Version	Deps	Published
6.6.29	5 / 4	2026-01-06
6.6.28	5 / 4	2025-11-20
6.6.27	5 / 4	2025-10-05
6.6.26	5 / 4	2025-09-09
6.6.25	5 / 4	2025-08-19
6.6.24	5 / 4	2025-08-19
6.6.23	5 / 4	2025-08-19
6.6.22	5 / 4	2025-08-05
6.6.21	5 / 4	2025-08-05
6.6.20	5 / 4	2025-07-19
6.6.19	5 / 4	2025-07-09
6.6.18	5 / 4	2025-07-08

v6.6.29

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v6.6.28

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v6.6.27

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.6.26

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.6.25

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v6.6.24

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v6.6.23

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.6.22

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.6.21

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v6.6.20

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v6.6.19

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v6.6.18

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.