@babel/eslint-plugin — Greenflagged

Companion rules for @babel/eslint-parser

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

hzooexistentialismnicolo-ribaudojlhwung

Keywords

babeleslinteslintplugineslint-pluginbabel-eslint

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): nicolo-ribaudo is a well-known Babel core maintainer; the transition from jlhwung is a legitimate team handoff within the Babel project, stable for this package.	ai	2026/04/24
provenance	missing-githead	AI (provenance): Missing gitHead reflects a publish environment change within the Babel team; no evidence of compromise and package content is consistent with prior versions.	ai	2026/04/24

Versions (showing 32 of 32)

Hide prereleases

Version	Deps	Published
7.29.7	1 / 2	2026-05-25
7.27.1	1 / 2	2025-04-30
7.27.0	1 / 2	2025-03-24
7.26.10	1 / 2	2025-03-11
7.25.9	1 / 2	2024-10-22
7.25.7	1 / 2	2024-10-02
7.25.1	1 / 2	2024-07-28
7.24.7	1 / 2	2024-06-05
7.24.6	1 / 2	2024-05-24
7.24.5	1 / 2	2024-04-29
7.23.5	1 / 2	2023-11-29
7.22.10	1 / 2	2023-08-07
7.22.5	1 / 2	2023-06-08
7.19.1	1 / 2	2022-09-14
7.18.10	1 / 2	2022-08-01
7.17.7	1 / 2	2022-03-14
7.16.5	1 / 2	2021-12-13
7.14.5	1 / 2	2021-06-09
7.13.16	1 / 2	2021-04-20
7.13.15	1 / 2	2021-04-08
7.13.10	1 / 2	2021-03-08
7.13.0	1 / 2	2021-02-22
7.12.13	1 / 2	2021-02-03
7.12.1	1 / 2	2020-10-15
7.11.5	1 / 2	2020-08-31
7.11.3	1 / 2	2020-08-08
7.11.0	1 / 2	2020-07-30
8.0.0-rc.3	0 / 1	2026-03-16
8.0.0-rc.2	1 / 2	2026-02-15
8.0.0-rc.1	1 / 2	2026-01-31
8.0.0-beta.4	1 / 2	2026-01-12
8.0.0-beta.3	1 / 2	2025-10-23

v7.29.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.27.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.27.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.26.10

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.25.9

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.25.7

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.25.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.24.7

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.24.6

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.24.5

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.23.5

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.22.10

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.22.5

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.19.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.18.10

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.17.7

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.16.5

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.14.5

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.13.16

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.13.15

2 findings

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Missing gitHead — previous versions had it provenance

[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.

v7.13.10

2 findings

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Missing gitHead — previous versions had it provenance

[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.

v7.13.0

2 findings

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Missing gitHead — previous versions had it provenance

[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.

v7.12.13

2 findings

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Missing gitHead — previous versions had it provenance

[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.

v7.12.1

3 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.

HIGH Publisher changed: jlhwung → nicolo-ribaudo (on 2020-10-15) provenance

This version was published by a different npm account than previous versions on 2020-10-15. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.11.5

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.11.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.11.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.