@angular-devkit/build-webpack

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

angulargoogle-wombot

Keywords

Angular CLIAngular DevKitangulardevkitsdk

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:css-loader	AI (phantom-deps): css-loader is a webpack loader referenced in build config files, not directly imported. Standard pattern for Angular build tooling.	ai	2026/04/24
phantom-deps	phantom-dep:exports-loader	AI (phantom-deps): exports-loader is a webpack loader referenced in build config files, not directly imported. Standard pattern for Angular build tooling.	ai	2026/04/24
phantom-deps	phantom-dep:postcss-loader	AI (phantom-deps): Optional webpack loader for PostCSS; standard pattern for Angular build tooling.	ai	2026/04/24
phantom-deps	phantom-dep:sass-loader	AI (phantom-deps): Optional webpack loader for CSS preprocessing; standard pattern for Angular build tooling.	ai	2026/04/24
phantom-deps	phantom-dep:style-loader	AI (phantom-deps): Optional webpack loader; standard pattern for Angular build tooling.	ai	2026/04/24
phantom-deps	phantom-dep:stylus-loader	AI (phantom-deps): Optional webpack loader for CSS preprocessing; standard pattern for Angular build tooling.	ai	2026/04/24
phantom-deps	phantom-dep:less	AI (phantom-deps): Optional CSS preprocessor dependency; build tools list these for conditional use based on project config, not direct import.	ai	2026/04/24
phantom-deps	phantom-dep:stylus	AI (phantom-deps): Optional CSS preprocessor dependency; standard pattern for Angular build tooling.	ai	2026/04/24
phantom-deps	phantom-dep:node-sass	AI (phantom-deps): Optional CSS preprocessor dependency; standard pattern for Angular build tooling.	ai	2026/04/24
phantom-deps	phantom-dep:lodash	AI (phantom-deps): Utility library referenced in config/build files; phantom detection is a false positive for this build tool package.	ai	2026/04/24
phantom-deps	phantom-dep:request	AI (phantom-deps): HTTP utility used conditionally in build tooling; phantom detection is a false positive here.	ai	2026/04/24
phantom-deps	phantom-dep:less-loader	AI (phantom-deps): Optional webpack loader for CSS preprocessing; standard pattern for Angular build tooling.	ai	2026/04/24
semgrep	semgrep:child-process-import	AI (semgrep): Build tooling legitimately uses child_process to fork webpack/build processes. This is expected behavior for @angular-devkit/build-webpack across all versions.	ai	2026/04/24
semgrep	semgrep:new-function-constructor	AI (semgrep): Used as a standard ESM dynamic import() workaround in CJS context within Angular CLI build tooling. Input is a developer-controlled config path, not external user input. Stable pattern across Angular CLI versions.	ai	2026/04/23
semgrep	semgrep:dynamic-require	AI (semgrep): Dynamic require() loads developer-specified webpack config files — expected behavior for a build tool. No security risk in this context.	ai	2026/04/23

Versions (showing 100 of 503)

Version	Deps	Published
0.1602.5	2 / 0	2023-10-04
0.1602.4	2 / 0	2023-09-27
0.1602.3	2 / 0	2023-09-20
0.1602.2	2 / 0	2023-09-13
0.1602.1	2 / 0	2023-08-30
0.1602.0	2 / 0	2023-08-09
0.1601.8	2 / 0	2023-08-04
0.1601.7	2 / 0	2023-08-02
0.1601.6	2 / 0	2023-07-26
0.1601.5	2 / 0	2023-07-20
0.1601.4	2 / 0	2023-07-06
0.1601.3	2 / 0	2023-06-29
0.1601.2	2 / 0	2023-06-28
0.1601.1	2 / 0	2023-06-22
0.1601.0	2 / 0	2023-06-13
0.1600.6	2 / 0	2023-06-13
0.1600.5	2 / 0	2023-06-07
0.1600.4	2 / 0	2023-06-01
0.1600.3	2 / 0	2023-05-25
0.1600.2	2 / 0	2023-05-17
0.1600.1	2 / 0	2023-05-10
0.1600.0	2 / 0	2023-05-03
0.1502.11	2 / 0	2024-03-25
0.1502.10	2 / 0	2023-10-05
0.1502.9	2 / 0	2023-06-28
0.1502.8	2 / 0	2023-05-03
0.1502.7	2 / 0	2023-04-26
0.1502.6	2 / 0	2023-04-12
0.1502.5	2 / 0	2023-04-05
0.1502.4	2 / 0	2023-03-16
0.1502.3	2 / 0	2023-03-15
0.1502.2	2 / 0	2023-03-08
0.1502.1	2 / 0	2023-03-01
0.1502.0	2 / 0	2023-02-22
0.1501.6	2 / 0	2023-02-15
0.1501.5	2 / 0	2023-02-08
0.1501.4	2 / 0	2023-02-01
0.1501.3	2 / 0	2023-01-25
0.1501.2	2 / 0	2023-01-18
0.1501.1	2 / 0	2023-01-12
0.1501.0	2 / 0	2023-01-11
0.1500.5	2 / 0	2023-01-06
0.1500.4	2 / 0	2022-12-14
0.1500.3	2 / 0	2022-12-07
0.1500.2	2 / 0	2022-11-30
0.1500.1	2 / 0	2022-11-23
0.1500.0	2 / 0	2022-11-16
0.1402.13	2 / 0	2023-10-05
0.1402.12	2 / 0	2023-06-28
0.1402.11	2 / 0	2023-03-16
0.1402.10	2 / 0	2022-11-17
0.1402.9	2 / 0	2022-11-09
0.1402.8	2 / 0	2022-11-02
0.1402.7	2 / 0	2022-10-26
0.1402.6	2 / 0	2022-10-12
0.1402.5	2 / 0	2022-10-05
0.1402.4	2 / 0	2022-09-28
0.1402.3	2 / 0	2022-09-15
0.1402.2	2 / 0	2022-09-08
0.1402.1	2 / 0	2022-08-26
0.1402.0	2 / 0	2022-08-25
0.1401.3	2 / 0	2022-08-17
0.1401.2	2 / 0	2022-08-10
0.1401.1	2 / 0	2022-08-03
0.1401.0	2 / 0	2022-07-20
0.1400.7	2 / 0	2022-07-20
0.1400.6	2 / 0	2022-07-13
0.1400.5	2 / 0	2022-07-06
0.1400.4	2 / 0	2022-06-29
0.1400.3	2 / 0	2022-06-23
0.1400.2	2 / 0	2022-06-15
0.1400.1	2 / 0	2022-06-08
0.1400.0	2 / 0	2022-06-02
0.1303.11	2 / 0	2023-03-16
0.1303.10	2 / 0	2022-11-17
0.1303.9	2 / 0	2022-07-20
0.1303.8	2 / 0	2022-06-15
0.1303.7	2 / 0	2022-05-25
0.1303.6	2 / 0	2022-05-18
0.1303.5	2 / 0	2022-05-04
0.1303.4	2 / 0	2022-04-27
0.1303.3	2 / 0	2022-04-13
0.1303.2	2 / 0	2022-04-06
0.1303.1	2 / 0	2022-03-30
0.1303.0	2 / 0	2022-03-16
0.1302.6	2 / 0	2022-03-09
0.1302.5	2 / 0	2022-02-23
0.1302.4	2 / 0	2022-02-17
0.1302.3	2 / 0	2022-02-09
0.1302.2	2 / 0	2022-02-02
0.1302.1	2 / 0	2022-01-31
0.1302.0	2 / 0	2022-01-26
0.1301.4	2 / 0	2022-01-19
0.1301.3	2 / 0	2022-01-12
0.1301.2	2 / 0	2021-12-15
0.1301.1	2 / 0	2021-12-10
0.1301.0	2 / 0	2021-12-09
0.1300.4	2 / 0	2021-12-01
0.1300.3	2 / 0	2021-11-18
0.1300.2	2 / 0	2021-11-11

Showing 100 of 503 Next page →