@angular/common — Greenflagged

Angular - commonly needed directives and services

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

angulargoogle-wombot

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:fesm2022/common_module-8OBsKodd.mjs	AI (source-diff): Standard Angular FESM2022 bundle output with long lines; not obfuscated.	ai	2026/05/29
provenance	missing-githead	AI (provenance): Angular packages published by google-wombot may intermittently lack gitHead due to CI pipeline changes; not a security signal for this package.	ai	2026/04/22
provenance	no-provenance	AI (provenance): Angular framework packages have not adopted Sigstore provenance; stable for this package.	ai	2026/04/22
source-diff	obfuscated-file:locales/global/bal-Latn.js	AI (source-diff): Global variant of auto-generated CLDR locale data. Same pattern as all other Angular locale files.	ai	2026/04/22
source-diff	obfuscated-file:locales/bal-Latn.js	AI (source-diff): Auto-generated CLDR locale data file with long lines of serialized locale arrays/objects. Standard Angular locale pattern, not obfuscation.	ai	2026/04/22
source-diff	large-new-source-files	AI (source-diff): Major version bump (v20→v21) naturally involves large file count changes due to restructuring and new locale additions.	ai	2026/04/22
source-diff	obfuscated-file:fesm2022/common_module.mjs	AI (source-diff): FESM build output for Angular; code is readable, not obfuscated. Long lines are standard for Angular's flat module format.	ai	2026/04/22
source-diff	obfuscated-file:fesm2022/common_module-Dx7dWex5.mjs	AI (source-diff): FESM2022 bundle output from Angular's build toolchain; long lines from bundling, not obfuscation. Source maps included.	ai	2026/04/22
bogus-package	bogus-package	AI (bogus-package): Angular framework sub-packages have minimal READMEs and no keywords by convention. Not a spam indicator for this package.	ai	2026/04/22
semgrep	semgrep:api-obfuscation-reflect	AI (semgrep): Reflect.get used in Angular's Proxy-based ngTemplateOutletContext — standard framework code, not obfuscation.	ai	2026/04/22
phantom-deps	phantom-dep:tslib	AI (phantom-deps): tslib is a known implicit runtime dependency for TypeScript-compiled packages. Stable false positive for @angular/common.	ai	2026/04/22

Versions (showing 51 of 51)

Show 20 prereleases

Version	Deps	Published
21.2.15	1 / 0	2026-05-28
21.2.14	1 / 0	2026-05-20
21.2.13	1 / 0	2026-05-13
21.2.12	1 / 0	2026-05-06
21.2.11	1 / 0	2026-04-29
21.2.10	1 / 0	2026-04-22
21.2.9	1 / 0	2026-04-15
21.2.8	1 / 0	2026-04-08
21.2.7	1 / 0	2026-04-01
21.2.6	1 / 0	2026-03-25
21.2.5	1 / 0	2026-03-18
21.2.4	1 / 0	2026-03-12
21.2.3	1 / 0	2026-03-11
21.2.2	1 / 0	2026-03-09
21.2.1	1 / 0	2026-03-04
21.2.0	1 / 0	2026-02-25
21.1.6	1 / 0	2026-02-25
21.1.5	1 / 0	2026-02-18
21.1.4	1 / 0	2026-02-11
21.1.3	1 / 0	2026-02-05
21.1.2	1 / 0	2026-01-28
21.1.1	1 / 0	2026-01-21
21.1.0	1 / 0	2026-01-14
21.0.9	1 / 0	2026-01-14
21.0.8	1 / 0	2026-01-08
21.0.7	1 / 0	2026-01-07
21.0.6	1 / 0	2025-12-17
21.0.5	1 / 0	2025-12-11
21.0.4	1 / 0	2025-12-11
21.0.3	1 / 0	2025-12-03
21.0.2	1 / 0	2025-12-01
21.0.1	1 / 0	2025-11-25
20.3.23	1 / 0	2026-05-28
20.3.22	1 / 0	2026-05-27
20.3.21	1 / 0	2026-05-12
20.3.20	1 / 0	2026-05-06
20.3.19	1 / 0	2026-04-15
20.3.18	1 / 0	2026-03-12
20.3.17	1 / 0	2026-02-25
20.3.16	1 / 0	2026-01-07
20.3.15	1 / 0	2025-12-01
20.3.14	1 / 0	2025-11-25
19.2.24	1 / 0	2026-05-28
19.2.23	1 / 0	2026-05-27
19.2.22	1 / 0	2026-05-12
19.2.21	1 / 0	2026-04-15
19.2.20	1 / 0	2026-03-12
19.2.19	1 / 0	2026-02-25
19.2.18	1 / 0	2026-01-07
19.2.17	1 / 0	2025-12-01
19.2.16	1 / 0	2025-11-26