@babel/parser MIT 100 versions

@babel/parser

npm Repository Homepage

A JavaScript parser

100

Versions

MIT

License

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

hzooexistentialismnicolo-ribaudojlhwung

Keywords

babeljavascriptparsertc39ecmascript@babel/parser

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:lib/index.d.ts	AI (source-diff): lib/index.d.ts is a legitimate TypeScript declaration file for @babel/parser's public API. Long lines are caused by large union types, not obfuscation. Stable false positive for this package.	ai	2026/04/23
maintainer-change	maintainer-added	AI (maintainer-change): developit (Jason Miller) is a reputable, well-known JS ecosystem contributor; addition to Babel org is a legitimate collaboration, not a takeover signal.	ai	2026/04/22
provenance	missing-githead	AI (provenance): Missing gitHead is a known artifact of monorepo publish tooling changes in the Babel project; not indicative of tampering for this well-established package.	ai	2026/04/22
maintainer-change	maintainer-removed	AI (maintainer-change): Babel team membership has evolved over time; removal of loganfsmyth and danez reflects known team changes, not a takeover. nicolo-ribaudo is a core Babel maintainer.	ai	2026/04/22
source-diff	obfuscated-file:lib/util/identifier.js	AI (source-diff): Long lines in identifier.js are Unicode character range tables, a standard pattern in JavaScript parsers. The file is readable, clean code — not obfuscated.	ai	2026/04/22
bogus-package	bogus-package	AI (bogus-package): hzoo and loganfsmyth are long-standing Babel core contributors; spam flag is a false positive for this package.	ai	2026/04/22
source-diff	large-new-source-files	AI (source-diff): New files are source maps and parser/plugin JS files consistent with a major version bump (7.18.11→7.22.5). Expected growth for a JavaScript parser adding new language features.	ai	2026/04/22
publish-pattern	new-deps-added	AI (publish-pattern): @babel/types is a core Babel package added only for type definitions (explicitly documented in package.json). Not a functional runtime dependency and not an attack vector.	ai	2026/04/22
provenance	publisher-changed	AI (provenance): Babel project transitioned to GitHub Actions CI/CD publishing — a security improvement over individual account publishing. Consistent with official babel/babel monorepo governance.	ai	2026/04/22
provenance	no-provenance	AI (provenance): Babel publishes via GitHub Actions CI without Sigstore attestation; this is consistent across all @babel/* packages and is not a risk indicator.	ai	2026/04/21
typosquat	typosquat.levenshtein:parcel	AI (typosquat): @babel/parser is the official Babel JS parser under the @babel scope — a completely distinct, well-established package from 'parcel'. Levenshtein match is a stable false positive for this package.	ai	2026/04/21

Versions (showing 100 of 204)

Hide prereleases

Version	Deps	Published
7.29.7	1 / 6	2026-05-25
7.29.3	1 / 6	2026-04-30
7.29.2	1 / 6	2026-03-16
7.29.0	1 / 6	2026-01-31
7.28.6	1 / 6	2026-01-12
7.28.5	1 / 6	2025-10-23
7.28.4	1 / 6	2025-09-05
7.28.3	1 / 6	2025-08-14
7.28.0	1 / 6	2025-07-02
7.27.7	1 / 6	2025-06-26
7.27.5	1 / 6	2025-06-03
7.27.4	1 / 6	2025-05-30
7.27.3	1 / 6	2025-05-27
7.27.2	1 / 6	2025-05-06
7.27.1	1 / 6	2025-04-30
7.27.0	1 / 6	2025-03-24
7.26.10	1 / 6	2025-03-11
7.26.9	1 / 6	2025-02-14
7.26.8	1 / 6	2025-02-08
7.26.7	1 / 6	2025-01-24
7.26.5	1 / 6	2025-01-10
7.26.3	1 / 6	2024-12-04
7.26.2	1 / 6	2024-10-30
7.26.1	1 / 6	2024-10-25
7.26.0	1 / 6	2024-10-25
7.25.9	1 / 6	2024-10-22
7.25.8	1 / 6	2024-10-10
7.25.7	1 / 6	2024-10-02
7.25.6	1 / 6	2024-08-29
7.25.4	1 / 6	2024-08-22
7.25.3	1 / 6	2024-07-31
7.25.0	0 / 7	2024-07-26
7.24.8	0 / 7	2024-07-11
7.24.7	0 / 7	2024-06-05
7.24.6	0 / 7	2024-05-24
7.24.5	0 / 6	2024-04-29
7.24.4	0 / 6	2024-04-03
7.24.1	0 / 6	2024-03-19
7.24.0	0 / 6	2024-02-28
7.23.9	0 / 6	2024-01-25
7.23.6	0 / 6	2023-12-11
7.23.5	0 / 6	2023-11-29
7.23.4	0 / 6	2023-11-20
7.23.3	0 / 6	2023-11-09
7.23.0	0 / 6	2023-09-25
7.22.16	0 / 6	2023-09-06
7.22.15	0 / 6	2023-09-04
7.22.14	0 / 6	2023-08-30
7.22.13	0 / 6	2023-08-28
7.22.11	0 / 6	2023-08-24
7.22.10	0 / 6	2023-08-07
7.22.7	0 / 6	2023-07-06
7.22.6	0 / 6	2023-07-04
7.22.5	0 / 6	2023-06-08
7.22.4	0 / 6	2023-05-29
7.22.3	0 / 6	2023-05-27
7.22.0	0 / 6	2023-05-26
7.21.9	0 / 6	2023-05-22
7.21.8	0 / 6	2023-05-02
7.21.5	0 / 6	2023-04-28
7.21.4	0 / 6	2023-03-31
7.21.3	0 / 6	2023-03-14
7.21.2	0 / 6	2023-02-23
7.21.1	0 / 6	2023-02-20
7.21.0	0 / 6	2023-02-20
7.20.15	0 / 6	2023-02-02
7.20.13	0 / 6	2023-01-21
7.20.7	0 / 6	2022-12-22
7.20.5	0 / 6	2022-11-28
7.20.3	0 / 6	2022-11-07
7.20.2	0 / 6	2022-11-04
7.20.1	0 / 6	2022-11-01
7.20.0	0 / 6	2022-10-27
7.19.6	0 / 6	2022-10-20
7.19.4	0 / 6	2022-10-10
7.19.3	0 / 6	2022-09-27
7.19.1	0 / 6	2022-09-14
7.19.0	0 / 6	2022-09-05
7.18.13	0 / 6	2022-08-22
7.18.11	0 / 6	2022-08-04
7.18.10	0 / 6	2022-08-01
7.18.9	0 / 5	2022-07-18
7.18.8	0 / 5	2022-07-08
7.18.6	0 / 5	2022-06-27
7.18.5	0 / 5	2022-06-13
7.18.4	0 / 5	2022-05-29
7.18.3	0 / 5	2022-05-25
7.18.0	0 / 5	2022-05-19
7.17.12	0 / 5	2022-05-16
7.17.10	0 / 5	2022-04-29
7.17.9	0 / 5	2022-04-06
7.17.8	0 / 4	2022-03-18
7.17.7	0 / 4	2022-03-14
7.17.3	0 / 4	2022-02-15
7.17.0	0 / 4	2022-02-02
7.16.12	0 / 4	2022-01-22
7.16.10	0 / 4	2022-01-19
7.16.8	0 / 4	2022-01-10
7.16.7	0 / 4	2021-12-31
7.16.6	0 / 4	2021-12-14

Showing 100 of 204 Next page →

v7.29.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.29.3

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.