← Home

@angular/common

npm Repository Homepage

Angular - commonly needed directives and services

71
Versions
MIT
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

angulargoogle-wombot

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff obfuscated-file:fesm2022/common_module-8OBsKodd.mjs AI (source-diff): Standard Angular FESM2022 bundle output with long lines; not obfuscated. ai
provenance missing-githead AI (provenance): Angular packages published by google-wombot may intermittently lack gitHead due to CI pipeline changes; not a security signal for this package. ai
provenance no-provenance AI (provenance): Angular framework packages have not adopted Sigstore provenance; stable for this package. ai
source-diff obfuscated-file:locales/global/bal-Latn.js AI (source-diff): Global variant of auto-generated CLDR locale data. Same pattern as all other Angular locale files. ai
source-diff obfuscated-file:locales/bal-Latn.js AI (source-diff): Auto-generated CLDR locale data file with long lines of serialized locale arrays/objects. Standard Angular locale pattern, not obfuscation. ai
source-diff large-new-source-files AI (source-diff): Major version bump (v20→v21) naturally involves large file count changes due to restructuring and new locale additions. ai
source-diff obfuscated-file:fesm2022/common_module.mjs AI (source-diff): FESM build output for Angular; code is readable, not obfuscated. Long lines are standard for Angular's flat module format. ai
source-diff obfuscated-file:fesm2022/common_module-Dx7dWex5.mjs AI (source-diff): FESM2022 bundle output from Angular's build toolchain; long lines from bundling, not obfuscation. Source maps included. ai
bogus-package bogus-package AI (bogus-package): Angular framework sub-packages have minimal READMEs and no keywords by convention. Not a spam indicator for this package. ai
semgrep semgrep:api-obfuscation-reflect AI (semgrep): Reflect.get used in Angular's Proxy-based ngTemplateOutletContext — standard framework code, not obfuscation. ai
phantom-deps phantom-dep:tslib AI (phantom-deps): tslib is a known implicit runtime dependency for TypeScript-compiled packages. Stable false positive for @angular/common. ai

Versions (showing 71 of 71)

Hide prereleases
Version Deps Published
21.2.15 1 / 0
21.2.14 1 / 0
21.2.13 1 / 0
21.2.12 1 / 0
21.2.11 1 / 0
21.2.10 1 / 0
21.2.9 1 / 0
21.2.8 1 / 0
21.2.7 1 / 0
21.2.6 1 / 0
21.2.5 1 / 0
21.2.4 1 / 0
21.2.3 1 / 0
21.2.2 1 / 0
21.2.1 1 / 0
21.2.0 1 / 0
21.1.6 1 / 0
21.1.5 1 / 0
21.1.4 1 / 0
21.1.3 1 / 0
21.1.2 1 / 0
21.1.1 1 / 0
21.1.0 1 / 0
21.0.9 1 / 0
21.0.8 1 / 0
21.0.7 1 / 0
21.0.6 1 / 0
21.0.5 1 / 0
21.0.4 1 / 0
21.0.3 1 / 0
21.0.2 1 / 0
21.0.1 1 / 0
20.3.23 1 / 0
20.3.22 1 / 0
20.3.21 1 / 0
20.3.20 1 / 0
20.3.19 1 / 0
20.3.18 1 / 0
20.3.17 1 / 0
20.3.16 1 / 0
20.3.15 1 / 0
20.3.14 1 / 0
19.2.24 1 / 0
19.2.23 1 / 0
19.2.22 1 / 0
19.2.21 1 / 0
19.2.20 1 / 0
19.2.19 1 / 0
19.2.18 1 / 0
19.2.17 1 / 0
19.2.16 1 / 0
22.0.0-next.8 1 / 0
22.0.0-next.7 1 / 0
22.0.0-next.6 1 / 0
22.0.0-next.5 1 / 0
22.0.0-next.4 1 / 0
22.0.0-next.3 1 / 0
22.0.0-next.2 1 / 0
22.0.0-next.1 1 / 0
22.0.0-next.0 1 / 0
21.2.0-rc.0 1 / 0
21.2.0-next.3 1 / 0
21.2.0-next.2 1 / 0
21.2.0-next.1 1 / 0
21.2.0-next.0 1 / 0
21.1.0-rc.0 1 / 0
21.1.0-next.4 1 / 0
21.1.0-next.3 1 / 0
21.1.0-next.2 1 / 0
21.1.0-next.1 1 / 0
21.1.0-next.0 1 / 0

v21.2.15

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v21.2.14

2 findings
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Missing gitHead — previous versions had it provenance

[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: google-wombot.

v21.2.13

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v21.2.12

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v21.2.11

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v21.2.10

2 findings
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Missing gitHead — previous versions had it provenance

[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: google-wombot.

v20.3.23

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v20.3.22

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v20.3.21

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v20.3.20

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v19.2.24

2 findings
HIGH New obfuscated file: fesm2022/common_module-8OBsKodd.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v19.2.23

2 findings
HIGH New obfuscated file: fesm2022/common_module-8OBsKodd.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v19.2.22

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v22.0.0-next.8

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v22.0.0-next.7

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v22.0.0-next.6

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v22.0.0-next.5

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v22.0.0-next.4

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v22.0.0-next.3

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v22.0.0-next.2

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v22.0.0-next.1

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v22.0.0-next.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v21.2.0-rc.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v21.2.0-next.3

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v21.2.0-next.2

2 findings
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Missing gitHead — previous versions had it provenance

[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: google-wombot.

v21.2.0-next.1

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v21.2.0-next.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v21.1.0-rc.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v21.1.0-next.4

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v21.1.0-next.3

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v21.1.0-next.2

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v21.1.0-next.1

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v21.1.0-next.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.