react-data-table-component

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

jbetancur

Keywords

reactdatatablereact-tablereact-data-table-component

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:dist/locales/index.js	AI (source-diff): Minified locale/i18n string bundle; no executable logic or network calls. Normal build output for this package.	ai	2026/05/22
source-diff	obfuscated-file:dist/locales/index.mjs	AI (source-diff): ESM variant of the same minified locale bundle; benign build artifact.	ai	2026/05/22
provenance	publisher-changed	AI (provenance): GitHub Actions publisher with SLSA provenance attestation is the expected CI/CD automation pattern; original author still in package.json.	ai	2026/05/22
source-diff	obfuscated-file:dist/index.js	AI (source-diff): Standard tsup minified bundle output; CSS class names and React patterns confirm legitimate component code.	ai	2026/05/17
source-diff	obfuscated-file:dist/index.mjs	AI (source-diff): ESM variant of the same tsup build; content is consistent with a React data table component.	ai	2026/05/17

Versions (showing 6 of 6)

Version	Deps	Published
8.3.0	0 / 22	2026-05-21
8.2.0	0 / 22	2026-05-20
8.1.0	0 / 22	2026-05-17
8.0.1	0 / 22	2026-05-17
8.0.0	0 / 21	2026-05-16
7.7.1	1 / 65	2026-04-19

v8.3.0

4 findings

HIGH Publisher changed: jbetancur → GitHub Actions (on 2026-05-21) provenance

This version was published by a different npm account than previous versions on 2026-05-21. This could indicate a legitimate maintainer transition or an account compromise.

HIGH New obfuscated file: dist/locales/index.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/locales/index.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.2.0

2 findings

HIGH Publisher changed: jbetancur → GitHub Actions (on 2026-05-20) provenance

This version was published by a different npm account than previous versions on 2026-05-20. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.1.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v8.0.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v8.0.0

3 findings

HIGH New obfuscated file: dist/index.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.7.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.