@babel/plugin-proposal-function-sent
Compile the function.sent meta property to valid ES2015 code
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Babel project migrated to GitHub Actions CI/CD publishing; this is a legitimate and expected transition for the @babel scope. | ai | |
| provenance | no-provenance | AI (provenance): Babel packages in this era were not yet using Sigstore provenance; absence is expected and not a risk indicator for this trusted publisher. | ai | |
| provenance | missing-githead | AI (provenance): Published by a well-established Babel core contributor (nicolo-ribaudo); missing gitHead reflects a publish environment change, not a supply chain compromise signal for this package. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): Removal of developit is consistent with documented Babel maintainer transitions; no evidence of hostile takeover given the trusted publisher. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): Babel is a large OSS project with routine maintainer rotations managed by the core team; nicolo-ribaudo (publisher) is a known Babel core contributor, making this a legitimate roster change. | ai | |
| bogus-package | bogus-package | AI (bogus-package): hzoo (Henry Zhu) is the creator of Babel; spam flag is a false positive for this package. | ai | |
| dependencies | unvetted-dep:@babel/plugin-syntax-function-sent | AI (dependencies): Sibling package within the official babel/babel monorepo, published by the same Babel team. Stable false positive for this package. | ai | |
Versions (showing 32 of 32)
| Version | Deps | Published |
|---|---|---|
| 7.27.1 | 2 / 2 | |
| 7.25.9 | 2 / 2 | |
| 7.25.8 | 2 / 2 | |
| 7.25.7 | 3 / 2 | |
| 7.24.7 | 3 / 2 | |
| 7.24.6 | 3 / 2 | |
| 7.24.1 | 3 / 2 | |
| 7.23.3 | 3 / 2 | |
| 7.22.5 | 3 / 2 | |
| 7.18.6 | 3 / 2 | |
| 7.18.2 | 3 / 2 | |
| 7.17.12 | 3 / 2 | |
| 7.16.7 | 3 / 2 | |
| 7.16.5 | 3 / 2 | |
| 7.16.0 | 3 / 2 | |
| 7.14.5 | 3 / 2 | |
| 7.12.13 | 3 / 2 | |
| 7.12.1 | 3 / 2 | |
| 7.10.4 | 3 / 2 | |
| 7.10.1 | 3 / 2 | |
| 7.8.3 | 3 / 2 | |
| 7.8.0 | 3 / 2 | |
| 7.7.4 | 3 / 2 | |
| 7.7.0 | 3 / 2 | |
| 7.5.0 | 3 / 2 | |
| 7.2.0 | 3 / 2 | |
| 7.1.0 | 3 / 2 | |
| 7.0.0 | 3 / 2 | |
| 8.0.0-rc.3 | 2 / 2 | |
| 8.0.0-rc.2 | 2 / 2 | |
| 8.0.0-rc.1 | 2 / 2 | |
| 8.0.0-beta.4 | 2 / 2 | |
v8.0.0-rc.3
2 findings
This version was published by a different npm account than previous versions on 2026-03-16. This could indicate a legitimate maintainer transition or an account compromise.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.0.0-rc.2
2 findings
This version was published by a different npm account than previous versions on 2026-02-15. This could indicate a legitimate maintainer transition or an account compromise.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.0.0-rc.1
2 findings
This version was published by a different npm account than previous versions on 2026-01-31. This could indicate a legitimate maintainer transition or an account compromise.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.0.0-beta.4
2 findings
This version was published by a different npm account than previous versions on 2026-01-12. This could indicate a legitimate maintainer transition or an account compromise.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.