@rive-app/react-canvas — Greenflagged

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

rive-engineeringluigi-rossoguidorossoavivian_rivephil_rive

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
bogus-package	bogus-package	AI (bogus-package): Established package in the rive-app org; sparse README/keywords is a style choice, not spam.	ai	2026/04/28

Versions (showing 39 of 39)

Version	Deps	Published
4.29.0	1 / 0	2026-06-05
4.28.6	1 / 0	2026-05-21
4.28.5	1 / 0	2026-05-15
4.28.4	1 / 0	2026-05-08
4.28.3	1 / 0	2026-04-28
4.28.2	1 / 0	2026-04-24
4.28.1	1 / 0	2026-04-17
4.28.0	1 / 0	2026-04-09
4.27.3	1 / 0	2026-03-24
4.27.2	1 / 0	2026-03-16
4.27.1	1 / 0	2026-03-10
4.27.0	1 / 0	2026-02-13
4.26.2	1 / 0	2026-01-27
4.26.1	1 / 0	2026-01-15
4.26.0	1 / 0	2026-01-13
4.25.3	1 / 0	2026-01-08
4.25.2	1 / 0	2026-01-06
4.25.1	1 / 0	2025-12-20
4.25.0	1 / 0	2025-12-17
4.24.0	1 / 0	2025-11-10
4.23.4	1 / 0	2025-09-23
4.23.3	1 / 0	2025-09-04
4.23.2	1 / 0	2025-09-04
4.23.1	1 / 0	2025-08-13
4.23.0	1 / 0	2025-08-08
4.22.1	1 / 0	2025-07-18
4.22.0	1 / 0	2025-07-15
4.21.6	1 / 0	2025-07-15
4.21.5	1 / 0	2025-07-14
4.21.4	1 / 0	2025-06-25
4.21.3	1 / 0	2025-06-08
4.21.2	1 / 0	2025-06-05
4.21.1	1 / 0	2025-05-28
4.21.0	1 / 0	2025-05-23
4.20.2	1 / 0	2025-05-23
4.20.1	1 / 0	2025-05-14
4.20.0	1 / 0	2025-05-12
4.19.1	1 / 0	2025-05-08
4.19.0	1 / 0	2025-04-29

v4.29.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.28.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.28.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.28.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.28.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.28.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.28.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.28.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.27.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.27.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.27.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.27.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.26.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.26.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.26.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.25.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.25.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.25.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.25.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.