@babel/eslint-parser — Greenflagged

ESLint parser that allows for linting of experimental syntax transformed by Babel

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

hzooexistentialismnicolo-ribaudojlhwung

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	no-provenance	AI (provenance): Babel ecosystem package; provenance attestation not yet standard for this publisher but no security concern given repo transparency.	ai	2026/04/22
maintainer-change	maintainer-removed	AI (maintainer-change): danez and loganfsmyth are former Babel contributors; nicolo-ribaudo is a recognized Babel core team member. This reflects a legitimate team transition within the official Babel project.	ai	2026/04/22
publish-pattern	new-deps-added	AI (publish-pattern): New dependency is scoped to maintainer and pinned; provides eslint-scope v5 internals, a legitimate technical requirement.	ai	2026/04/22
provenance	publisher-changed	AI (provenance): nicolo-ribaudo is a well-known Babel core team maintainer; the jlhwung→nicolo-ribaudo transition is a legitimate organizational handoff within the Babel project.	ai	2026/04/22
provenance	missing-githead	AI (provenance): Documented publish environment change during maintainer transition; consistent with legitimate handoff, not malicious activity.	ai	2026/04/22
bogus-package	bogus-package	AI (bogus-package): Spam signals are outdated (hzoo reference) or minor (no keywords); package is established Babel project component.	ai	2026/04/22
semgrep	semgrep:dynamic-require	AI (semgrep): Dynamic require is a version-resolution pattern for Babel compatibility, not arbitrary module loading; stable for this package.	ai	2026/04/21
dependencies	unvetted-dep:@nicolo-ribaudo/eslint-scope-5-internals	AI (dependencies): Internal ESLint scope utility pinned to specific version; stable dependency for this package's parser functionality.	ai	2026/04/21

Versions (showing 51 of 68)

Hide prereleases View all versions

Version	Deps	Published
7.29.7	3 / 8	2026-05-25
7.28.6	3 / 8	2026-01-12
7.28.5	3 / 8	2025-10-23
7.28.4	3 / 8	2025-09-05
7.28.0	3 / 8	2025-07-02
7.27.5	3 / 8	2025-06-03
7.27.1	3 / 8	2025-04-30
7.27.0	3 / 6	2025-03-24
7.26.10	3 / 6	2025-03-11
7.26.8	3 / 6	2025-02-08
7.26.5	3 / 6	2025-01-10
7.25.9	3 / 6	2024-10-22
7.25.8	3 / 6	2024-10-10
7.25.7	3 / 6	2024-10-02
7.25.1	3 / 6	2024-07-28
7.25.0	3 / 6	2024-07-26
7.24.8	3 / 6	2024-07-11
7.24.7	3 / 6	2024-06-05
7.24.6	3 / 6	2024-05-24
7.24.5	3 / 6	2024-04-29
7.24.1	3 / 6	2024-03-19
7.23.10	3 / 6	2024-01-31
7.23.9	3 / 6	2024-01-25
7.23.3	3 / 3	2023-11-09
7.22.15	3 / 3	2023-09-04
7.22.11	3 / 3	2023-08-24
7.22.10	3 / 3	2023-08-07
7.22.9	3 / 3	2023-07-12
7.22.7	3 / 3	2023-07-06
7.22.6	3 / 3	2023-07-04
7.22.5	3 / 3	2023-06-08
7.21.8	3 / 3	2023-05-02
7.21.3	3 / 3	2023-03-14
7.19.1	3 / 3	2022-09-14
7.18.9	3 / 4	2022-07-18
7.18.2	3 / 4	2022-05-25
7.17.0	3 / 4	2022-02-02
7.16.5	3 / 4	2021-12-13
7.16.3	3 / 4	2021-11-09
7.16.0	3 / 4	2021-10-29
7.15.8	3 / 3	2021-10-06
7.15.7	3 / 3	2021-09-17
7.15.4	3 / 3	2021-09-02
7.15.0	3 / 3	2021-08-04
7.14.9	3 / 3	2021-08-01
7.14.7	3 / 3	2021-06-21
7.14.5	3 / 3	2021-06-09
7.14.4	3 / 3	2021-05-28
7.14.3	3 / 3	2021-05-17
7.14.2	3 / 3	2021-05-12
7.13.14	3 / 3	2021-03-29

v7.29.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.