← Home

@babel/plugin-proposal-logical-assignment-operators

npm Repository Homepage

Transforms logical assignment operators into short-circuited assignments

23
Versions
MIT
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

hzooexistentialismnicolo-ribaudojlhwung

Keywords

babel-plugin

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
provenance publisher-changed AI (provenance): jlhwung and nicolo-ribaudo are both known Babel core contributors; publisher rotation within the Babel team is expected and not a security concern for this package. ai
maintainer-change maintainer-added AI (maintainer-change): jlhwung is a long-standing Babel team member (3368 days, 185 packages); addition as maintainer reflects normal team management, not a takeover. ai
provenance no-provenance AI (provenance): Package predates Sigstore provenance adoption; absence of attestation is expected for this era of Babel releases. ai
bogus-package bogus-package AI (bogus-package): Flagged maintainers (hzoo, loganfsmyth, danez) are well-known legitimate Babel core team members; this is a stable false positive for the @babel namespace. ai
provenance missing-githead AI (provenance): Babel monorepo publish workflow does not consistently include gitHead; absence is not indicative of tampering for this well-established package. ai

Versions (showing 23 of 23)

Version Deps Published
7.20.7 2 / 4
7.18.9 2 / 4
7.18.6 2 / 4
7.17.12 2 / 4
7.16.7 2 / 4
7.16.5 2 / 4
7.16.0 2 / 4
7.14.5 2 / 4
7.14.2 2 / 4
7.13.8 2 / 4
7.12.13 2 / 4
7.12.1 2 / 4
7.12.0 2 / 4
7.11.0 2 / 4
7.10.4 2 / 4
7.10.3 2 / 4
7.10.1 2 / 4
7.10.0 2 / 4
7.8.3 2 / 4
7.8.0 2 / 4
7.7.4 2 / 4
7.2.0 2 / 4
7.0.0 2 / 4

v7.18.9

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.18.6

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.17.12

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.16.7

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.16.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.16.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.14.5

2 findings
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Missing gitHead — previous versions had it provenance

[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.

v7.14.2

2 findings
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Missing gitHead — previous versions had it provenance

[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.

v7.13.8

2 findings
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Missing gitHead — previous versions had it provenance

[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.

v7.12.13

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Missing gitHead — previous versions had it provenance

[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.

v7.12.1

2 findings
HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.12.0

3 findings
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Missing gitHead — previous versions had it provenance

[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.

INFO Publisher changed: jlhwung → nicolo-ribaudo (on 2020-10-14) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2020-10-14. This could indicate a legitimate maintainer transition or an account compromise.

v7.11.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.10.4

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.10.3

2 findings
HIGH Publisher changed: nicolo-ribaudo → jlhwung (on 2020-06-19) provenance

This version was published by a different npm account than previous versions on 2020-06-19. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.10.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.10.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.8.3

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.8.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.7.4

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.2.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v7.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.