@babel/helper-compilation-targets
Helper functions on Babel compilation targets
60
Versions
MIT
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
No source commit
Maintainers
hzooexistentialismnicolo-ribaudojlhwung
Keywords
babelbabel-plugin
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | missing-githead | AI (provenance): Babel migrated to GitHub Actions publishing; missing gitHead is a known side effect of this CI/CD workflow change, not a supply-chain risk indicator. | ai | |
| provenance | no-provenance | AI (provenance): Babel publishes via GitHub Actions without Sigstore attestation; consistent across the entire @babel/* namespace. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): jlhwung is a known Babel core team member; this reflects a legitimate team roster change within the official Babel project, not a takeover. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): developit's removal is consistent with normal Babel team transitions; paired with addition of another known Babel contributor, not a takeover signal. | ai | |
| provenance | publisher-changed | AI (provenance): Babel monorepo migrated to GitHub Actions for automated publishing; this is a legitimate CI/CD transition, not an account compromise. Consistent across all @babel/* packages. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): lru-cache is a well-established, trusted npm package; its addition for caching in a compilation-targets helper is benign and intentional. | ai | |
| dependencies | unvetted-dep:@nicolo-ribaudo/semver-v6 | AI (dependencies): This is a first-party scoped semver fork maintained by the same Babel core team member (nicolo-ribaudo) who publishes this package. The swap from semver to this fork is a deliberate, documented Babel ecosystem pattern. | ai | |
| dependencies | unvetted-dep:browserslist | AI (dependencies): browserslist is a well-established, widely-trusted package and a standard dependency in the Babel ecosystem; its presence here is expected and benign across all versions. | ai |
Versions (showing 60 of 60)
| Version | Deps | Published |
|---|---|---|
| 7.29.7 | 5 / 3 | |
| 7.28.6 | 5 / 3 | |
| 7.27.2 | 5 / 3 | |
| 7.27.1 | 5 / 3 | |
| 7.27.0 | 5 / 3 | |
| 7.26.5 | 5 / 3 | |
| 7.25.9 | 5 / 3 | |
| 7.25.7 | 5 / 3 | |
| 7.25.2 | 5 / 3 | |
| 7.24.8 | 5 / 3 | |
| 7.24.7 | 5 / 3 | |
| 7.24.6 | 5 / 3 | |
| 7.23.6 | 5 / 3 | |
| 7.22.15 | 5 / 3 | |
| 7.22.10 | 5 / 3 | |
| 7.22.9 | 5 / 4 | |
| 7.22.6 | 5 / 4 | |
| 7.22.5 | 5 / 4 | |
| 7.22.1 | 5 / 4 | |
| 7.21.5 | 5 / 4 | |
| 7.21.4 | 5 / 4 | |
| 7.20.7 | 5 / 4 | |
| 7.20.0 | 4 / 3 | |
| 7.19.3 | 4 / 3 | |
| 7.19.1 | 4 / 3 | |
| 7.19.0 | 4 / 3 | |
| 7.18.9 | 4 / 3 | |
| 7.18.6 | 4 / 3 | |
| 7.18.2 | 4 / 3 | |
| 7.17.10 | 4 / 3 | |
| 7.17.7 | 4 / 3 | |
| 7.16.7 | 4 / 3 | |
| 7.16.3 | 4 / 3 | |
| 7.16.0 | 4 / 3 | |
| 7.15.4 | 4 / 3 | |
| 7.15.0 | 4 / 3 | |
| 7.14.5 | 4 / 3 | |
| 7.14.4 | 4 / 3 | |
| 7.13.16 | 4 / 1 | |
| 7.13.13 | 4 / 1 | |
| 7.13.10 | 4 / 1 | |
| 7.13.8 | 4 / 1 | |
| 7.13.0 | 4 / 1 | |
| 7.12.17 | 4 / 1 | |
| 7.12.16 | 4 / 1 | |
| 7.12.13 | 4 / 1 | |
| 7.12.5 | 4 / 1 | |
| 7.12.1 | 4 / 1 | |
| 7.12.0 | 4 / 2 | |
| 7.10.4 | 5 / 2 | |
| 7.10.2 | 5 / 2 | |
| 7.10.1 | 5 / 2 | |
| 7.10.0 | 5 / 2 | |
| 7.9.6 | 5 / 2 | |
| 7.8.7 | 5 / 2 | |
| 7.8.6 | 5 / 2 | |
| 7.8.4 | 5 / 2 | |
| 7.8.3 | 5 / 2 | |
| 7.8.1 | 5 / 2 | |
| 7.8.0 | 5 / 2 |
v7.29.7
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.