@babel/helper-member-expression-to-functions
Helper function to replace certain member expressions with function calls
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): nicolo-ribaudo is a known Babel core maintainer; the 2019 publisher transition from hzoo is a documented, legitimate Babel project maintainer handoff. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): nicolo-ribaudo is a well-established Babel core contributor with extensive npm track record; addition is a legitimate maintainer transition. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): Removal of xtuc is part of the documented Babel project maintainer rotation in 2019; no evidence of compromise. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Babel monorepo packages intentionally share a templated name shape; mass-production signal is expected for this ecosystem. No keywords is cosmetic for a utility helper. | ai | |
| provenance | missing-githead | AI (provenance): Missing gitHead is a known artifact of Babel's monorepo publish workflow, not a security indicator. Trusted publisher with long track record. | ai | |
| provenance | no-provenance | AI (provenance): This version predates Sigstore provenance adoption; absence is expected for this era of Babel releases. | ai |
Versions (showing 52 of 52)
| Version | Deps | Published |
|---|---|---|
| 7.29.7 | 2 / 0 | |
| 7.28.5 | 2 / 0 | |
| 7.27.1 | 2 / 0 | |
| 7.25.9 | 2 / 0 | |
| 7.25.7 | 2 / 0 | |
| 7.24.8 | 2 / 0 | |
| 7.24.7 | 2 / 0 | |
| 7.24.6 | 1 / 1 | |
| 7.24.5 | 1 / 1 | |
| 7.23.0 | 1 / 1 | |
| 7.22.15 | 1 / 1 | |
| 7.22.5 | 1 / 1 | |
| 7.22.3 | 1 / 1 | |
| 7.22.0 | 1 / 1 | |
| 7.21.5 | 1 / 1 | |
| 7.21.0 | 1 / 1 | |
| 7.20.7 | 1 / 1 | |
| 7.18.9 | 1 / 1 | |
| 7.18.6 | 1 / 1 | |
| 7.17.7 | 1 / 1 | |
| 7.16.7 | 1 / 1 | |
| 7.16.5 | 1 / 1 | |
| 7.16.0 | 1 / 1 | |
| 7.15.4 | 1 / 1 | |
| 7.15.0 | 1 / 1 | |
| 7.14.7 | 1 / 1 | |
| 7.14.5 | 1 / 1 | |
| 7.13.12 | 1 / 1 | |
| 7.13.0 | 1 / 0 | |
| 7.12.17 | 1 / 0 | |
| 7.12.16 | 1 / 0 | |
| 7.12.13 | 1 / 0 | |
| 7.12.7 | 1 / 0 | |
| 7.12.1 | 1 / 0 | |
| 7.12.0 | 1 / 0 | |
| 7.11.0 | 1 / 0 | |
| 7.10.5 | 1 / 0 | |
| 7.10.4 | 1 / 0 | |
| 7.10.3 | 1 / 0 | |
| 7.10.1 | 1 / 0 | |
| 7.10.0 | 1 / 0 | |
| 7.8.3 | 1 / 0 | |
| 7.8.0 | 1 / 0 | |
| 7.7.4 | 1 / 0 | |
| 7.7.0 | 1 / 0 | |
| 7.5.5 | 1 / 0 | |
| 7.0.0 | 1 / 0 | |
| 8.0.0-rc.3 | 2 / 0 | |
| 8.0.0-rc.2 | 2 / 0 | |
| 8.0.0-rc.1 | 2 / 0 | |
| 8.0.0-beta.4 | 2 / 0 | |
| 7.0.0-beta.46 | 1 / 0 |
v7.29.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.27.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.25.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.25.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.24.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.24.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.24.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.24.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.23.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.22.15
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.22.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.22.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.22.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.21.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.21.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.20.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.18.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.18.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.17.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.16.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.16.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.16.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.15.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.15.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.14.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.14.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.13.12
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.13.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.12.17
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.12.16
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.12.13
2 findings[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
v7.12.7
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.12.1
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.12.0
3 findings[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
[Accepted risk] This version was published by a different npm account than previous versions on 2020-10-14. This could indicate a legitimate maintainer transition or an account compromise.
v7.11.0
2 findings[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: jlhwung.
v7.10.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.10.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.10.3
2 findings[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2020-06-19. This could indicate a legitimate maintainer transition or an account compromise.
v7.10.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.10.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.8.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.8.0
2 findingsThis version was published by a different npm account than previous versions on 2020-01-12. This could indicate a legitimate maintainer transition or an account compromise.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.7.4
2 findingsThis version was published by a different npm account than previous versions on 2019-11-22. This could indicate a legitimate maintainer transition or an account compromise.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.7.0
2 findingsThis version was published by a different npm account than previous versions on 2019-11-05. This could indicate a legitimate maintainer transition or an account compromise.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.5.5
2 findingsThis version was published by a different npm account than previous versions on 2019-07-17. This could indicate a legitimate maintainer transition or an account compromise.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.0.0
2 findings[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2018-08-27. This could indicate a legitimate maintainer transition or an account compromise.