react-final-form MIT 51 versions

react-final-form

npm Repository Homepage

🏁 High performance subscription-based form state management for React

51

Versions

MIT

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

erikras

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:ts-essentials	AI (phantom-deps): ts-essentials is a TypeScript utility types package used in type definitions; its presence as a dependency without direct runtime import is a known pattern for type-only deps. Not a security concern.	ai	2026/04/24
install-scripts	install-script:postinstall	AI (install-scripts): Postinstall only prints a donation message via console.log with ANSI color codes — no network calls, no code execution risk. Stable benign pattern for this package.	ai	2026/04/24

Versions (showing 51 of 71)

Show 1 prerelease View all versions

Version	Deps	Published
7.0.1	1 / 55	2026-05-05
7.0.0	1 / 54	2025-06-07
6.5.9	1 / 53	2022-04-01
6.5.8	1 / 53	2022-01-31
6.5.7	1 / 53	2021-09-30
6.5.6	1 / 53	2021-09-29
6.5.5	1 / 53	2021-09-29
6.5.4	1 / 53	2021-09-29
6.5.3	1 / 61	2021-03-20
6.5.2	1 / 60	2020-10-21
6.5.1	1 / 60	2020-07-13
6.5.0	3 / 59	2020-05-27
6.4.0	2 / 59	2020-03-30
6.3.4	2 / 57	2020-01-22
6.3.1	2 / 57	2019-11-18
6.2.1	2 / 56	2019-06-14
6.1.0	2 / 56	2019-06-11
5.1.2	2 / 56	2019-05-24
5.1.1	2 / 56	2019-05-24
5.1.0	1 / 56	2019-05-16
5.0.2	1 / 56	2019-05-15
5.0.1	1 / 56	2019-05-15
5.0.0	1 / 56	2019-05-15
4.1.0	1 / 52	2019-03-04
4.0.2	1 / 52	2018-11-16
4.0.1	1 / 52	2018-11-16
4.0.0	1 / 52	2018-11-15
3.7.0	1 / 52	2018-11-15
3.6.7	0 / 52	2018-10-10
3.6.6	0 / 41	2018-10-02
3.6.5	0 / 40	2018-07-18
3.6.4	0 / 40	2018-06-27
3.6.3	0 / 40	2018-06-26
3.6.2	0 / 40	2018-06-15
3.6.1	1 / 40	2018-06-15
3.6.0	1 / 40	2018-06-07
3.5.2	1 / 40	2018-06-06
3.5.1	0 / 40	2018-06-01
3.5.0	0 / 40	2018-05-31
3.4.2	0 / 40	2018-05-16
3.4.0	0 / 40	2018-04-23
3.3.1	0 / 40	2018-04-13
3.3.0	0 / 40	2018-04-12
3.2.1	0 / 40	2018-04-11
3.1.5	0 / 41	2018-03-22
3.1.4	0 / 41	2018-03-14
3.1.3	0 / 40	2018-03-13
3.1.2	0 / 40	2018-02-28
3.1.1	0 / 40	2018-02-27
3.1.0	0 / 39	2018-01-29
3.0.5	0 / 39	2018-01-23

v7.0.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.5.9

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.5.8

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.5.7

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.5.6

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.5.5

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.5.4

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.5.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.5.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.5.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.5.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.4.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.3.4

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.3.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.2.1

2 findings

HIGH Package has 'postinstall' script install-scripts

Script: node -e "console.log('\u001b[35m\u001b[1mUsing react-final-form at work? You can now donate to our open collective:\u001b[22m\u001b[39m\n > \u001b[34mhttps://opencollective.com/final-form/donate\u001b[0m')"

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.1.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.