react-is — Greenflagged

Brand checking of React Elements.

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

fbreact-bot

Keywords

react

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Publisher change from acdlite to lunaruan reflects a legitimate React core team transition at Facebook in 2019; lunaruan is a well-established trusted publisher.	ai	2026/04/21
maintainer-change	maintainer-added	AI (maintainer-change): lunaruan is a known React core team member; this maintainer addition is a legitimate internal Facebook team transition, not a compromise.	ai	2026/04/21
provenance	no-provenance	AI (provenance): This version was published in 2019, predating Sigstore provenance attestation tooling. Absence of provenance is expected for this era of releases.	ai	2026/04/21

Versions (showing 51 of 400)

Hide prereleases View all versions

Version	Deps	Published
19.2.7	0 / 0	2026-06-01
19.2.5	0 / 0	2026-04-08
19.2.3	0 / 0	2025-12-11
19.2.2	0 / 0	2025-12-11
19.2.0	0 / 0	2025-10-01
19.1.8	0 / 0	2026-06-01
19.1.6	0 / 0	2026-04-08
19.1.5	0 / 0	2026-01-26
19.1.2	0 / 0	2025-12-03
19.1.1	0 / 0	2025-07-28
19.1.0	0 / 0	2025-03-28
19.0.7	0 / 0	2026-06-01
19.0.4	0 / 0	2026-01-26
19.0.2	0 / 0	2025-12-11
19.0.0	0 / 0	2024-12-05
18.3.1	0 / 0	2024-04-26
18.3.0	0 / 0	2024-04-25
18.2.0	0 / 0	2022-06-14
18.1.0	0 / 0	2022-04-26
18.0.0	0 / 0	2022-03-29
17.0.2	0 / 0	2021-03-22
17.0.1	0 / 0	2020-10-22
17.0.0	0 / 0	2020-10-20
16.13.1	0 / 0	2020-03-19
16.13.0	0 / 0	2020-02-26
16.12.0	0 / 0	2019-11-14
16.11.0	0 / 0	2019-10-22
16.10.2	0 / 0	2019-10-03
16.10.1	0 / 0	2019-09-28
16.10.0	0 / 0	2019-09-27
16.9.0	0 / 0	2019-08-08
16.8.6	0 / 0	2019-03-28
16.8.5	0 / 0	2019-03-22
16.8.4	0 / 0	2019-03-05
16.8.3	0 / 0	2019-02-21
16.8.2	0 / 0	2019-02-14
16.8.1	0 / 0	2019-02-06
16.8.0	0 / 0	2019-02-06
16.7.0	0 / 0	2018-12-20
16.6.3	0 / 0	2018-11-13
16.6.2	0 / 0	2018-11-13
16.6.1	0 / 0	2018-11-07
16.6.0	0 / 0	2018-10-23
16.5.2	0 / 0	2018-09-18
16.5.1	0 / 0	2018-09-13
16.5.0	0 / 0	2018-09-06
16.4.2	0 / 0	2018-08-01
16.4.1	0 / 0	2018-06-13
16.4.0	0 / 0	2018-05-24
16.3.2	0 / 0	2018-04-16
16.3.1	0 / 0	2018-04-04

v19.2.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v19.1.8

2 findings

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

INFO Publisher changed: react-bot → GitHub Actions (on 2026-06-01) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2026-06-01. This could indicate a legitimate maintainer transition or an account compromise.

v19.0.7

2 findings

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

INFO Publisher changed: react-bot → GitHub Actions (on 2026-06-01) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2026-06-01. This could indicate a legitimate maintainer transition or an account compromise.