@tanstack/react-start — Greenflagged

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

tannerlinsleytkdodoalemtuzlakkevinvandyschiller-manuel

Keywords

reactlocationrouterroutingasyncasync routertypescript

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:@tanstack/react-start-plugin	AI (dependencies): First-party sibling package from TanStack monorepo; pinned to same release version.	ai	2026/04/27
dependencies	unvetted-dep:@tanstack/start-server-functions-handler	AI (dependencies): First-party TanStack monorepo sub-package; stable pattern across releases.	ai	2026/04/27
dependencies	unvetted-dep:@tanstack/react-start-router-manifest	AI (dependencies): First-party TanStack monorepo sub-package; stable pattern across releases.	ai	2026/04/27
dependencies	unvetted-dep:@tanstack/start-server-functions-client	AI (dependencies): First-party TanStack monorepo sub-package; stable pattern across releases.	ai	2026/04/27
dependencies	unvetted-dep:@tanstack/start-server-functions-server	AI (dependencies): First-party TanStack monorepo sub-package; stable pattern across releases.	ai	2026/04/27
dependencies	unvetted-dep:@tanstack/start-api-routes	AI (dependencies): First-party TanStack monorepo sub-package; stable pattern across releases.	ai	2026/04/27
dependencies	unvetted-dep:@tanstack/react-start-config	AI (dependencies): First-party TanStack monorepo sub-package; stable pattern across releases.	ai	2026/04/27
dependencies	unvetted-dep:@tanstack/start-server-functions-ssr	AI (dependencies): First-party TanStack monorepo sub-package; stable pattern across releases.	ai	2026/04/27
maintainer-change	maintainer-added	AI (maintainer-change): lachlancollins is a known TanStack collaborator; adding maintainers to a mature project is expected.	ai	2026/04/26
provenance	publisher-changed	AI (provenance): Transition from manual (tannerlinsley) to CI/CD (GitHub Actions) publishing with SLSA provenance. This is a security improvement, not a risk.	ai	2026/04/26
phantom-deps	phantom-dep:@tanstack/router-utils	AI (phantom-deps): Same-org sibling package from TanStack monorepo; phantom dep status is a packaging detail, not a security concern for this well-attested package.	ai	2026/04/25

Versions (showing 51 of 436)

View all versions

Version	Deps	Published
1.168.24	9 / 2	2026-06-06
1.168.23	9 / 2	2026-06-06
1.168.22	9 / 2	2026-06-05
1.168.21	9 / 2	2026-06-05
1.168.20	9 / 2	2026-06-04
1.168.19	9 / 2	2026-06-02
1.168.18	9 / 2	2026-05-30
1.168.17	9 / 2	2026-05-30
1.168.16	9 / 2	2026-05-29
1.168.15	9 / 2	2026-05-28
1.168.14	9 / 2	2026-05-26
1.168.13	9 / 2	2026-05-25
1.168.12	9 / 2	2026-05-24
1.168.11	9 / 2	2026-05-24
1.168.10	9 / 2	2026-05-21
1.168.9	9 / 2	2026-05-20
1.168.8	9 / 2	2026-05-20
1.168.7	9 / 2	2026-05-20
1.168.6	9 / 2	2026-05-17
1.168.5	9 / 2	2026-05-16
1.168.4	9 / 2	2026-05-16
1.168.3	9 / 2	2026-05-16
1.168.2	9 / 2	2026-05-16
1.168.1	9 / 2	2026-05-15
1.168.0	9 / 2	2026-05-15
1.167.65	9 / 2	2026-05-06
1.167.64	9 / 2	2026-05-05
1.167.63	9 / 2	2026-05-05
1.167.62	9 / 2	2026-05-03
1.167.61	9 / 3	2026-05-02
1.167.60	9 / 3	2026-05-02
1.167.59	9 / 3	2026-05-01
1.167.58	9 / 3	2026-05-01
1.167.57	9 / 3	2026-05-01
1.167.56	9 / 3	2026-04-30
1.167.55	9 / 3	2026-04-30
1.167.54	9 / 3	2026-04-30
1.167.53	9 / 3	2026-04-30
1.167.52	9 / 3	2026-04-29
1.167.51	9 / 3	2026-04-29
1.167.50	9 / 3	2026-04-27
1.167.49	9 / 3	2026-04-25
1.167.48	9 / 3	2026-04-25
1.167.47	9 / 3	2026-04-24
1.167.46	9 / 3	2026-04-24
1.167.45	9 / 3	2026-04-24
1.167.44	9 / 3	2026-04-24
1.167.43	9 / 3	2026-04-24
1.167.42	9 / 2	2026-04-18
1.167.41	9 / 2	2026-04-15
1.167.40	9 / 2	2026-04-15