@teambit/react-router
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| maintainer-change | maintainer-removed | AI (maintainer-change): Long-established teambit org package; removal of learn-bit with no new maintainer added and no code changes is consistent with routine org maintenance. | ai | |
| dependencies | unvetted-dep:@teambit/harmony | AI (dependencies): Internal teambit ecosystem dependency; stable pattern across all versions of this package. | ai | |
| dependencies | unvetted-dep:@teambit/ui-foundation.ui.react-router.slot-router | AI (dependencies): Internal teambit ecosystem dependency; stable pattern across all versions of this package. | ai | |
| dependencies | unvetted-dep:@teambit/ui-foundation.ui.navigation.react-router-adapter | AI (dependencies): Internal teambit ecosystem dependency; stable pattern across all versions of this package. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Teambit component packages routinely omit descriptions; not a malware signal for this publisher. | ai | |
| provenance | no-provenance | AI (provenance): Teambit publishes many packages without Sigstore provenance; consistent across their ecosystem. | ai | |
Versions (showing 40 of 40)
| Version | Deps | Published |
|---|---|---|
| 1.0.995 | 4 / 2 | |
| 1.0.993 | 4 / 2 | |
| 1.0.992 | 4 / 2 | |
| 1.0.991 | 4 / 2 | |
| 1.0.990 | 4 / 2 | |
| 1.0.989 | 4 / 2 | |
| 1.0.988 | 4 / 2 | |
| 1.0.987 | 4 / 2 | |
| 1.0.986 | 4 / 2 | |
| 1.0.985 | 4 / 2 | |
| 1.0.983 | 4 / 2 | |
| 1.0.982 | 4 / 2 | |
| 1.0.981 | 4 / 2 | |
| 1.0.980 | 4 / 2 | |
| 1.0.975 | 4 / 2 | |
| 1.0.974 | 4 / 2 | |
| 1.0.973 | 4 / 2 | |
| 1.0.972 | 4 / 2 | |
| 1.0.971 | 4 / 2 | |
| 1.0.970 | 4 / 2 | |
| 1.0.969 | 4 / 2 | |
| 1.0.968 | 4 / 2 | |
| 1.0.966 | 4 / 2 | |
| 1.0.965 | 4 / 2 | |
| 1.0.964 | 4 / 2 | |
| 1.0.963 | 4 / 2 | |
| 1.0.957 | 4 / 2 | |
| 1.0.952 | 4 / 2 | |
| 1.0.946 | 4 / 2 | |
| 1.0.938 | 4 / 2 | |
| 1.0.930 | 4 / 2 | |
| 1.0.797 | 4 / 2 | |
| 1.0.711 | 4 / 2 | |
| 1.0.667 | 4 / 2 | |
| 1.0.660 | 4 / 2 | |
| 1.0.621 | 4 / 2 | |
| 1.0.618 | 4 / 2 | |
| 1.0.617 | 4 / 2 | |
| 1.0.616 | 4 / 2 | |
| 1.0.610 | 4 / 2 | |
v1.0.995
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.993
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.992
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.991
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.990
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.989
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.988
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.987
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.986
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.985
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.983
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.982
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.981
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.980
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.975
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.974
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.973
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.972
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.971
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.970
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.969
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.797
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.711
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.667
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.660
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.621
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.618
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.617
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.616
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.610
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.