← Home

react-router

Declarative routing for React

100
Versions
MIT
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

brophdawg11mjackson

Keywords

reactrouterrouteroutinghistorylink

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff obfuscated-file:dist/production/index.js AI (source-diff): Standard tsup bundle output with long lines; not obfuscated. Stable for this package. ai
source-diff obfuscated-file:dist/development/index.js AI (source-diff): Standard tsup bundle output with long lines; not obfuscated. Stable for this package. ai
source-diff large-new-source-files AI (source-diff): Major version restructure absorbed @remix-run/router; many new dist files expected. ai
source-diff source-size-tripled AI (source-diff): Absorbed @remix-run/router into the package in v7; expected size increase. ai
publish-pattern new-deps-added AI (publish-pattern): @remix-run/router is the official companion package from the same Remix Software org; its addition is part of the documented v6 architecture and is stable for this package. ai
source-diff source-size-dropped AI (source-diff): Size drop reflects react-router v6's deliberate split across @remix-run/router and react-router-dom sibling packages, not code removal or stubbing. ai
source-diff obfuscated-file:dist/production/instrumentation--6Pioq_G.d.ts AI (source-diff): TypeScript declaration file (.d.ts) with long lines due to concatenated type definitions — not obfuscated code. Stable false positive for this package's dist output. ai
source-diff obfuscated-file:dist/development/instrumentation--6Pioq_G.d.ts AI (source-diff): TypeScript declaration file (.d.ts) with long lines due to concatenated type definitions — not obfuscated code. Stable false positive for this package's dist output. ai
source-diff obfuscated-file:dist/production/router-cLsU7kHk.d.mts AI (source-diff): TypeScript declaration file (.d.mts) with long lines due to concatenated type definitions — not obfuscated code. Stable false positive for this package's dist output. ai
source-diff obfuscated-file:dist/development/router-cLsU7kHk.d.mts AI (source-diff): TypeScript declaration file (.d.mts) with long lines due to concatenated type definitions — not obfuscated code. Stable false positive for this package's dist output. ai

Versions (showing 100 of 248)

Hide prereleases
Version Deps Published
8.2.0 1 / 13
8.1.0 1 / 13
8.0.1 1 / 13
8.0.0 1 / 13
7.18.1 2 / 13
7.18.0 2 / 13
7.17.0 2 / 13
7.16.0 2 / 13
7.15.1 2 / 13
7.15.0 2 / 13
7.14.2 2 / 13
7.14.1 2 / 13
7.14.0 2 / 13
7.13.2 2 / 13
7.13.1 2 / 13
7.13.0 2 / 13
7.12.0 2 / 13
6.30.4 1 / 2
6.30.3 1 / 2
6.30.2 1 / 2
5.3.4 9 / 0
5.3.3 10 / 0
5.3.2 10 / 0
5.3.1 10 / 0
5.2.1 10 / 0
5.2.0 10 / 0
5.1.2 10 / 0
5.1.1 10 / 0
5.1.0 10 / 0
5.0.1 10 / 23
5.0.0 10 / 24
4.3.1 7 / 25
4.3.0 6 / 26
4.2.0 7 / 23
4.1.2 7 / 28
4.1.1 7 / 28
4.1.0 7 / 28
4.0.0 5 / 29
3.2.6 8 / 41
3.2.5 8 / 41
3.2.4 8 / 41
3.2.3 8 / 41
3.2.2 8 / 41
3.2.1 7 / 41
3.2.0 7 / 41
3.0.5 7 / 41
3.0.4 7 / 41
3.0.3 5 / 42
3.0.2 5 / 42
3.0.1 5 / 42
3.0.0 5 / 42
2.8.1 5 / 41
2.8.0 5 / 41
2.7.0 5 / 41
2.6.1 5 / 43
2.6.0 5 / 44
2.5.2 5 / 44
2.5.1 5 / 44
2.5.0 5 / 44
2.4.1 4 / 44
2.4.0 4 / 44
2.3.0 3 / 36
2.2.4 3 / 36
2.2.2 3 / 36
2.2.1 3 / 36
2.2.0 3 / 36
2.1.1 3 / 36
2.1.0 3 / 36
2.0.1 3 / 36
2.0.0 3 / 36
1.0.3 2 / 38
1.0.2 2 / 38
1.0.1 2 / 38
1.0.0 2 / 37
0.13.6 4 / 0
0.13.5 4 / 0
0.13.4 2 / 0
0.13.3 2 / 0
0.13.2 3 / 0
0.13.1 2 / 0
0.13.0 2 / 0
0.12.4 1 / 0
0.12.3 1 / 0
0.12.2 1 / 0
0.12.1 1 / 0
0.12.0 1 / 18
0.11.6 2 / 23
0.11.5 2 / 23
0.11.4 2 / 21
0.11.3 2 / 21
0.11.2 2 / 21
0.11.1 2 / 19
0.11.0 2 / 19
0.10.2 3 / 19
0.10.1 3 / 19
0.10.0 3 / 19
0.9.5 3 / 19
0.9.4 3 / 19
0.9.3 3 / 15
0.9.2 3 / 15
Showing 100 of 248 Next page →

v8.2.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.1.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.0.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.0.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.18.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.18.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.17.0

3 findings
HIGH New obfuscated file: dist/development/index.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/production/index.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.16.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v6.30.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.