redux-saga MIT 2 versions

redux-saga

npm Repository Homepage

Saga middleware for Redux to handle Side Effects

Versions

MIT

License

Install Scripts

Missing

Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

redux-saga-release-botandaristyelouafi

Keywords

javascriptreduxmiddlewaresagaeffectsside effects

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
bogus-package	bogus-package	AI (bogus-package): redux-saga is a 10+ year old package with 1.5M weekly downloads; bogus-package signals are false positives from wrapper package structure.	ai	2026/04/25
dependencies	unvetted-dep:@redux-saga/core	AI (dependencies): redux-saga is intentionally a thin proxy package for @redux-saga/core — this is the project's documented split-package architecture, stable across all versions.	ai	2026/04/25
provenance	no-provenance	AI (provenance): Established package with 1.5M weekly downloads and 3,800+ day history; lack of provenance attestation is not a meaningful risk signal here.	ai	2026/04/25

Versions (showing 2 of 2)

Version	Deps	Published
1.4.2	1 / 4	2025-10-21
1.2.1	1 / 12	2022-08-20