@babel/generator
Turns an AST into code.
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@types/jsesc | AI (phantom-deps): Type-only packages are not directly imported; they are consumed by TypeScript tooling by convention. This is expected behavior for @types/* packages. | ai | |
| dependencies | unvetted-dep:@types/jsesc | AI (dependencies): @types/jsesc provides TypeScript types for jsesc, which is already a direct dependency. Including it as a runtime dep is unconventional but benign for a TypeScript-shipping package. | ai | |
| provenance | missing-githead | AI (provenance): Babel team changed their publish pipeline; missing gitHead is a process gap, not a security signal, for this well-established core package. | ai | |
| provenance | no-provenance | AI (provenance): Sigstore provenance was not yet standard practice for Babel at this version; no security risk given publisher track record and package history. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): Maintainer rotation in the Babel project is routine; removal of developit does not indicate a takeover given the established team context. | ai | |
| provenance | publisher-changed | AI (provenance): jlhwung is a known Babel core team member; publisher rotation among Babel team members is normal for this monorepo package. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): jlhwung is a legitimate Babel core team member with a strong track record; addition is consistent with normal Babel team operations. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): @babel/parser and @jridgewell/* are well-known, legitimate Babel/source-map ecosystem packages; this dependency modernization is a routine refactor for this package. | ai | |
| bogus-package | bogus-package | AI (bogus-package): hzoo (Henry Zhu) is the founder of Babel; spam flag is a false positive. No-keywords signal is irrelevant for a core Babel package. | ai | |
| phantom-deps | phantom-dep:@babel/parser | AI (phantom-deps): @babel/parser is a legitimate declared dependency in the Babel monorepo ecosystem; phantom-dep flag is a false positive for this package. | ai | |
| dependencies | unvetted-dep:jsesc | AI (dependencies): jsesc is a standard, well-known utility for escaping strings; stable dependency for this package. | ai | |
| dependencies | unvetted-dep:@babel/parser | AI (dependencies): @babel/parser is the official Babel parser from the same monorepo; a core and expected dependency for @babel/generator. | ai |
Versions (showing 100 of 148)
| Version | Deps | Published |
|---|---|---|
| 7.29.7 | 5 / 5 | |
| 7.29.6 | 5 / 5 | |
| 7.29.1 | 5 / 5 | |
| 7.29.0 | 5 / 5 | |
| 7.28.6 | 5 / 5 | |
| 7.28.5 | 5 / 5 | |
| 7.28.3 | 5 / 5 | |
| 7.28.0 | 5 / 6 | |
| 7.27.5 | 5 / 6 | |
| 7.27.3 | 5 / 6 | |
| 7.27.1 | 5 / 6 | |
| 7.27.0 | 5 / 6 | |
| 7.26.10 | 5 / 6 | |
| 7.26.9 | 5 / 6 | |
| 7.26.8 | 5 / 6 | |
| 7.26.5 | 5 / 6 | |
| 7.26.3 | 5 / 6 | |
| 7.26.2 | 5 / 6 | |
| 7.26.0 | 5 / 6 | |
| 7.25.9 | 4 / 5 | |
| 7.25.7 | 4 / 5 | |
| 7.25.6 | 4 / 5 | |
| 7.25.5 | 4 / 5 | |
| 7.25.4 | 4 / 5 | |
| 7.25.0 | 4 / 5 | |
| 7.24.10 | 4 / 5 | |
| 7.24.9 | 4 / 5 | |
| 7.24.8 | 4 / 5 | |
| 7.24.7 | 4 / 5 | |
| 7.24.6 | 4 / 5 | |
| 7.24.5 | 4 / 5 | |
| 7.24.4 | 4 / 5 | |
| 7.24.1 | 4 / 5 | |
| 7.23.6 | 4 / 5 | |
| 7.23.5 | 4 / 5 | |
| 7.23.4 | 4 / 5 | |
| 7.23.3 | 4 / 5 | |
| 7.23.0 | 4 / 5 | |
| 7.22.15 | 4 / 5 | |
| 7.22.10 | 4 / 5 | |
| 7.22.9 | 4 / 5 | |
| 7.22.7 | 4 / 5 | |
| 7.22.5 | 4 / 4 | |
| 7.22.3 | 4 / 4 | |
| 7.22.0 | 4 / 4 | |
| 7.21.9 | 4 / 4 | |
| 7.21.5 | 4 / 4 | |
| 7.21.4 | 4 / 4 | |
| 7.21.3 | 4 / 4 | |
| 7.21.1 | 4 / 4 | |
| 7.21.0 | 4 / 4 | |
| 7.20.14 | 3 / 5 | |
| 7.20.7 | 3 / 5 | |
| 7.20.5 | 3 / 5 | |
| 7.20.4 | 3 / 5 | |
| 7.20.3 | 3 / 5 | |
| 7.20.2 | 3 / 5 | |
| 7.20.1 | 3 / 5 | |
| 7.20.0 | 3 / 5 | |
| 7.19.6 | 3 / 5 | |
| 7.19.5 | 3 / 5 | |
| 7.19.4 | 3 / 5 | |
| 7.19.3 | 3 / 5 | |
| 7.19.0 | 3 / 5 | |
| 7.18.13 | 3 / 5 | |
| 7.18.12 | 3 / 5 | |
| 7.18.10 | 3 / 5 | |
| 7.18.9 | 3 / 5 | |
| 7.18.7 | 3 / 5 | |
| 7.18.6 | 3 / 5 | |
| 7.18.2 | 3 / 5 | |
| 7.18.0 | 3 / 5 | |
| 7.17.12 | 3 / 5 | |
| 7.17.10 | 3 / 5 | |
| 7.17.9 | 3 / 6 | |
| 7.17.7 | 3 / 6 | |
| 7.17.3 | 3 / 6 | |
| 7.17.0 | 3 / 5 | |
| 7.16.8 | 3 / 5 | |
| 7.16.7 | 3 / 5 | |
| 7.16.5 | 3 / 5 | |
| 7.16.0 | 3 / 5 | |
| 7.15.8 | 3 / 5 | |
| 7.15.4 | 3 / 5 | |
| 7.15.0 | 3 / 5 | |
| 7.14.9 | 3 / 5 | |
| 7.14.8 | 3 / 4 | |
| 7.14.5 | 3 / 4 | |
| 7.14.3 | 3 / 4 | |
| 7.14.2 | 3 / 4 | |
| 7.14.1 | 3 / 4 | |
| 7.14.0 | 3 / 4 | |
| 7.13.16 | 3 / 4 | |
| 7.13.9 | 3 / 5 | |
| 7.13.0 | 3 / 5 | |
| 7.12.17 | 3 / 5 | |
| 7.12.15 | 3 / 5 | |
| 7.12.13 | 3 / 5 | |
| 7.12.11 | 3 / 2 | |
| 7.12.10 | 3 / 2 |
v7.29.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.29.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.29.1
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-02-04. This could indicate a legitimate maintainer transition or an account compromise.
v7.29.0
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-01-31. This could indicate a legitimate maintainer transition or an account compromise.
v7.28.6
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-01-12. This could indicate a legitimate maintainer transition or an account compromise.
v7.28.5
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2025-10-23. This could indicate a legitimate maintainer transition or an account compromise.
v7.28.3
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2025-08-14. This could indicate a legitimate maintainer transition or an account compromise.
v7.28.0
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2025-07-02. This could indicate a legitimate maintainer transition or an account compromise.
v7.27.5
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2025-06-03. This could indicate a legitimate maintainer transition or an account compromise.
v7.27.3
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2025-05-27. This could indicate a legitimate maintainer transition or an account compromise.
v7.27.1
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2025-04-30. This could indicate a legitimate maintainer transition or an account compromise.
v7.27.0
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2025-03-24. This could indicate a legitimate maintainer transition or an account compromise.
v7.26.10
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2025-03-11. This could indicate a legitimate maintainer transition or an account compromise.
v7.26.9
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2025-02-14. This could indicate a legitimate maintainer transition or an account compromise.
v7.26.8
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2025-02-08. This could indicate a legitimate maintainer transition or an account compromise.
v7.26.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.26.3
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2024-12-04. This could indicate a legitimate maintainer transition or an account compromise.
v7.26.2
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2024-10-30. This could indicate a legitimate maintainer transition or an account compromise.
v7.26.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.25.9
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2024-10-22. This could indicate a legitimate maintainer transition or an account compromise.
v7.25.7
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2024-10-02. This could indicate a legitimate maintainer transition or an account compromise.
v7.25.6
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2024-08-29. This could indicate a legitimate maintainer transition or an account compromise.
v7.25.5
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2024-08-23. This could indicate a legitimate maintainer transition or an account compromise.
v7.25.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.25.0
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2024-07-26. This could indicate a legitimate maintainer transition or an account compromise.
v7.24.10
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2024-07-16. This could indicate a legitimate maintainer transition or an account compromise.
v7.24.9
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2024-07-15. This could indicate a legitimate maintainer transition or an account compromise.
v7.24.8
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.24.7
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.24.6
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.24.5
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.24.4
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2024-04-03. This could indicate a legitimate maintainer transition or an account compromise.
v7.24.1
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.23.6
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.23.5
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.23.4
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.23.3
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.23.0
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.22.15
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.22.10
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.22.9
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.22.7
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.22.5
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.22.3
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.22.0
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.21.9
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.21.5
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.21.4
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.21.3
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.21.1
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.21.0
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.20.14
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.20.7
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.20.5
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.20.4
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.20.3
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.20.2
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.20.1
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.20.0
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.19.6
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.19.5
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.19.4
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.19.3
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.19.0
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.18.13
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.18.12
3 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2022-08-05. This could indicate a legitimate maintainer transition or an account compromise.
v7.18.10
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.18.9
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.18.7
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.18.6
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.18.2
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.18.0
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.17.12
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.17.10
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.17.9
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.17.7
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.17.3
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.17.0
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.16.8
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.16.7
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.16.5
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.16.0
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.15.8
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.15.4
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.15.0
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.14.9
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.14.8
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.14.5
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.14.3
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.14.2
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.14.1
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.14.0
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.13.16
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.13.9
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.13.0
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.12.17
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.12.15
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.12.13
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.12.11
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.12.10
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.