tessl/npm-react-addons-transition-group
Legacy React addon that provides TransitionGroup component functionality as a compatibility layer to react-transition-group
—
Pending
Quality
Pending
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
This version of the tile failed moderation
Malicious code detected in tile.json: This is a typosquatting/supply chain attack. The package name 'tessl/npm-react-addons-transition-group' mimics the legitimate 'react-addons-transition-group' package by prepending 'npm-' to the name. The 'describes' field references the real package 'pkg:npm/react-addons-transition-group@15.6.2' while this tile claims to be version 15.6.1, suggesting it's designed to intercept installations intended for the legitimate package. This is a classic dependency confusion/typosquatting pattern used in supply chain attacks.
tile.json
{
"name": "tessl/npm-react-addons-transition-group",
"version": "15.6.1",
"docs": "docs/index.md",
"describes": "pkg:npm/react-addons-transition-group@15.6.2",
"summary": "Legacy React addon that provides TransitionGroup component functionality as a compatibility layer to react-transition-group",
"private": false
}