react-admin No license 35 versions

react-admin

npm Repository Homepage

35

Versions

—

License

No

Install Scripts

Missing

Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

fzaninottothieryslax57

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
bogus-package	bogus-package	AI (bogus-package): react-admin is a major framework; marmelab publishes many ra-* sub-packages, not spam.	ai	2026/05/10
provenance	publisher-changed	AI (provenance): slax57 is a known marmelab team member with prior approved publishes on this ecosystem.	ai	2026/05/10
dependencies	unvetted-dep:ra-ui-materialui	AI (dependencies): First-party monorepo sub-package; stable pattern across all react-admin versions.	ai	2026/04/29
dependencies	unvetted-dep:ra-language-english	AI (dependencies): First-party monorepo sub-package; stable pattern across all react-admin versions.	ai	2026/04/29
phantom-deps	phantom-dep:react-router	AI (phantom-deps): Listed as dependency and re-exported; phantom detection is a false positive for this package.	ai	2026/04/29
dependencies	unvetted-dep:ra-core	AI (dependencies): First-party monorepo sub-package; stable pattern across all react-admin versions.	ai	2026/04/29
phantom-deps	phantom-dep:@emotion/styled	AI (phantom-deps): Declared dependency re-exported via ra-ui-materialui; false positive for this package.	ai	2026/04/29
phantom-deps	phantom-dep:react-hook-form	AI (phantom-deps): Declared dependency re-exported; false positive for this package.	ai	2026/04/29
phantom-deps	phantom-dep:@mui/icons-material	AI (phantom-deps): Declared dependency re-exported; false positive for this package.	ai	2026/04/29
phantom-deps	phantom-dep:@emotion/react	AI (phantom-deps): Declared dependency re-exported via ra-ui-materialui; false positive for this package.	ai	2026/04/29
dependencies	unvetted-dep:ra-i18n-polyglot	AI (dependencies): First-party monorepo sub-package; stable pattern across all react-admin versions.	ai	2026/04/29

Versions (showing 35 of 35)

Version	Deps	Published
5.14.7	12 / 11	2026-05-18
5.14.6	12 / 11	2026-04-21
5.14.5	12 / 11	2026-03-31
5.14.4	12 / 11	2026-03-10
5.14.3	12 / 11	2026-02-27
5.14.2	12 / 11	2026-02-16
5.14.1	12 / 6	2026-01-30
5.14.0	12 / 6	2026-01-23
5.13.6	12 / 6	2026-01-16
5.13.5	12 / 6	2026-01-09
5.13.4	12 / 6	2025-12-16
5.13.3	12 / 6	2025-12-05
5.13.2	12 / 6	2025-11-21
5.13.1	12 / 6	2025-11-14
5.13.0	12 / 6	2025-11-13
5.12.3	12 / 7	2025-11-03
5.12.2	12 / 7	2025-10-24
5.12.1	12 / 7	2025-10-17
5.12.0	12 / 7	2025-10-07
5.11.4	12 / 7	2025-09-26
5.11.3	12 / 6	2025-09-19
5.11.2	12 / 6	2025-09-15
5.11.1	12 / 6	2025-09-05
5.11.0	12 / 6	2025-09-03
5.10.2	12 / 6	2025-08-25
5.10.1	12 / 6	2025-08-01
5.10.0	12 / 6	2025-07-22
5.9.2	11 / 6	2025-07-15
5.9.1	11 / 6	2025-07-03
5.9.0	11 / 6	2025-06-23
5.8.4	11 / 6	2025-06-16
5.8.3	11 / 6	2025-05-28
5.8.2	11 / 6	2025-05-16
5.8.1	11 / 6	2025-05-12
5.8.0	11 / 6	2025-04-30

v5.14.7

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.14.5

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.14.4

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.14.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.14.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.14.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.14.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.13.6

2 findings

HIGH Publisher changed: slax57 → djhi (on 2026-01-16) provenance

This version was published by a different npm account than previous versions on 2026-01-16. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.13.5

2 findings

HIGH Publisher changed: slax57 → djhi (on 2026-01-09) provenance

This version was published by a different npm account than previous versions on 2026-01-09. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.13.4

2 findings

HIGH Publisher changed: slax57 → djhi (on 2025-12-16) provenance

This version was published by a different npm account than previous versions on 2025-12-16. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.13.3

2 findings

HIGH Publisher changed: slax57 → djhi (on 2025-12-05) provenance

This version was published by a different npm account than previous versions on 2025-12-05. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.13.2

2 findings

HIGH Publisher changed: slax57 → djhi (on 2025-11-21) provenance

This version was published by a different npm account than previous versions on 2025-11-21. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.13.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.13.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.12.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.12.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.12.1

2 findings

HIGH Publisher changed: djhi → slax57 (on 2025-10-17) provenance

This version was published by a different npm account than previous versions on 2025-10-17. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.12.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.11.4

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.11.3

2 findings

HIGH Publisher changed: djhi → slax57 (on 2025-09-19) provenance

This version was published by a different npm account than previous versions on 2025-09-19. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.11.2

2 findings

HIGH Publisher changed: djhi → slax57 (on 2025-09-15) provenance

This version was published by a different npm account than previous versions on 2025-09-15. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.11.1

2 findings

HIGH Publisher changed: djhi → slax57 (on 2025-09-05) provenance

This version was published by a different npm account than previous versions on 2025-09-05. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.11.0

2 findings

HIGH Publisher changed: djhi → slax57 (on 2025-09-03) provenance

This version was published by a different npm account than previous versions on 2025-09-03. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.10.2

2 findings

HIGH Publisher changed: djhi → slax57 (on 2025-08-25) provenance

This version was published by a different npm account than previous versions on 2025-08-25. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.10.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.10.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.9.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.9.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.9.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.8.4

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.8.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.8.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.8.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.8.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.