@suspensive/react-query
Suspensive interfaces for @tanstack/react-query
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| install-scripts | install-script:postinstall | AI (install-scripts): Postinstall detects installed react-query peer version; documented pattern stable across all versions of this package. | ai | |
| semgrep | semgrep:dynamic-require | AI (semgrep): Dynamic require used only to probe for installed peer packages by name; not user-controlled arbitrary module loading. | ai | |
| phantom-deps | phantom-dep:commander | AI (phantom-deps): commander is a declared runtime dependency used by the CLI binary; phantom-dep heuristic false positive. | ai |
Versions (showing 4 of 4)
| Version | Deps | Published |
|---|---|---|
| 3.21.2 | 5 / 5 | |
| 3.21.0 | 5 / 5 | |
| 3.19.4 | 5 / 5 | |
| 3.19.1 | 5 / 5 |
v3.21.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.21.0
2 findingsScript: node ./dist/bin/postinstall.cjs || echo 'please reinstall @suspensive/react-query'
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.19.4
2 findingsScript: node ./dist/bin/postinstall.cjs || echo 'please reinstall @suspensive/react-query'
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.19.1
2 findingsScript: node ./dist/bin/postinstall.cjs || echo 'please reinstall @suspensive/react-query'
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.