@babel/plugin-proposal-private-methods
This plugin transforms private class methods
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| bogus-package | bogus-package | AI (bogus-package): Babel core team members (hzoo, loganfsmyth, danez) are not spam. Monorepo produces many small @babel/* plugins by design. Stable FP for this package. | ai | |
| provenance | no-provenance | AI (provenance): Official Babel monorepo package published by a long-standing core team member; lack of Sigstore provenance is expected for this era of publishing and not a risk signal. | ai | |
Versions (showing 25 of 25)
| Version | Deps | Published |
|---|---|---|
| 7.18.6 | 2 / 2 | |
| 7.17.12 | 2 / 2 | |
| 7.16.11 | 2 / 2 | |
| 7.16.7 | 2 / 2 | |
| 7.16.5 | 2 / 2 | |
| 7.16.0 | 2 / 2 | |
| 7.14.5 | 2 / 2 | |
| 7.13.0 | 2 / 2 | |
| 7.12.13 | 2 / 2 | |
| 7.12.1 | 2 / 2 | |
| 7.10.4 | 2 / 2 | |
| 7.10.1 | 2 / 2 | |
| 7.8.3 | 2 / 2 | |
| 7.8.0 | 2 / 2 | |
| 7.7.4 | 2 / 2 | |
| 7.6.0 | 2 / 2 | |
| 7.4.4 | 2 / 2 | |
| 7.4.3 | 2 / 2 | |
| 7.4.0 | 2 / 2 | |
| 7.3.4 | 2 / 2 | |
| 7.3.2 | 2 / 2 | |
| 7.3.0 | 2 / 2 | |
| 7.2.3 | 2 / 2 | |
| 7.2.1 | 2 / 2 | |
| 7.2.0 | 2 / 2 | |
v7.18.6
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.17.12
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.16.11
2 findings
Matched 3 signal(s), weighted score 7:
• [S_KNOWN_SPAM_PUBLISHER] Maintainer(s) previously flagged as spam: hzoo, loganfsmyth, danez.
• [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'loganfsmyth' owns 167 packages, ≥70% share a templated name shape.
• [S_TINY_PAYLOAD] Tiny payload: 1 code file(s), 3156 bytes total.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.16.7
2 findings
Matched 3 signal(s), weighted score 7:
• [S_KNOWN_SPAM_PUBLISHER] Maintainer(s) previously flagged as spam: hzoo, loganfsmyth, danez.
• [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'loganfsmyth' owns 167 packages, ≥70% share a templated name shape.
• [S_TINY_PAYLOAD] Tiny payload: 1 code file(s), 3153 bytes total.
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.16.5
2 findings
Matched 3 signal(s), weighted score 7:
• [S_KNOWN_SPAM_PUBLISHER] Maintainer(s) previously flagged as spam: hzoo, loganfsmyth, danez.
• [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'loganfsmyth' owns 167 packages, ≥70% share a templated name shape.
• [S_TINY_PAYLOAD] Tiny payload: 1 code file(s), 3153 bytes total.
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.16.0
2 findings
Matched 3 signal(s), weighted score 7:
• [S_KNOWN_SPAM_PUBLISHER] Maintainer(s) previously flagged as spam: hzoo, loganfsmyth, danez.
• [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'loganfsmyth' owns 167 packages, ≥70% share a templated name shape.
• [S_TINY_PAYLOAD] Tiny payload: 1 code file(s), 3153 bytes total.
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.14.5
2 findings
Matched 3 signal(s), weighted score 7:
• [S_KNOWN_SPAM_PUBLISHER] Maintainer(s) previously flagged as spam: hzoo, loganfsmyth, danez.
• [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'loganfsmyth' owns 167 packages, ≥70% share a templated name shape.
• [S_TINY_PAYLOAD] Tiny payload: 1 code file(s), 3151 bytes total.
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.13.0
2 findings
Matched 3 signal(s), weighted score 7:
• [S_KNOWN_SPAM_PUBLISHER] Maintainer(s) previously flagged as spam: hzoo, loganfsmyth, danez.
• [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'loganfsmyth' owns 167 packages, ≥70% share a templated name shape.
• [S_TINY_PAYLOAD] Tiny payload: 1 code file(s), 3053 bytes total.
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.12.13
2 findings
Matched 3 signal(s), weighted score 7:
• [S_KNOWN_SPAM_PUBLISHER] Maintainer(s) previously flagged as spam: hzoo, loganfsmyth, danez.
• [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'loganfsmyth' owns 167 packages, ≥70% share a templated name shape.
• [S_TINY_PAYLOAD] Tiny payload: 1 code file(s), 3048 bytes total.
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.12.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.10.4
2 findings
Matched 3 signal(s), weighted score 7:
• [S_KNOWN_SPAM_PUBLISHER] Maintainer(s) previously flagged as spam: hzoo, loganfsmyth, danez.
• [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'loganfsmyth' owns 167 packages, ≥70% share a templated name shape.
• [S_TINY_PAYLOAD] Tiny payload: 1 code file(s), 3027 bytes total.
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.10.1
2 findings
Matched 3 signal(s), weighted score 7:
• [S_KNOWN_SPAM_PUBLISHER] Maintainer(s) previously flagged as spam: hzoo, loganfsmyth, danez.
• [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'loganfsmyth' owns 167 packages, ≥70% share a templated name shape.
• [S_TINY_PAYLOAD] Tiny payload: 1 code file(s), 3027 bytes total.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.8.3
2 findings
Matched 3 signal(s), weighted score 7:
• [S_KNOWN_SPAM_PUBLISHER] Maintainer(s) previously flagged as spam: hzoo, loganfsmyth, danez.
• [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'loganfsmyth' owns 167 packages, ≥70% share a templated name shape.
• [S_TINY_PAYLOAD] Tiny payload: 1 code file(s), 2974 bytes total.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.8.0
2 findings
Matched 3 signal(s), weighted score 7:
• [S_KNOWN_SPAM_PUBLISHER] Maintainer(s) previously flagged as spam: hzoo, loganfsmyth, danez.
• [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'loganfsmyth' owns 167 packages, ≥70% share a templated name shape.
• [S_TINY_PAYLOAD] Tiny payload: 1 code file(s), 2996 bytes total.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.7.4
2 findings
Matched 3 signal(s), weighted score 7:
• [S_KNOWN_SPAM_PUBLISHER] Maintainer(s) previously flagged as spam: hzoo, loganfsmyth, danez.
• [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'loganfsmyth' owns 167 packages, ≥70% share a templated name shape.
• [S_TINY_PAYLOAD] Tiny payload: 1 code file(s), 2974 bytes total.
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.6.0
2 findings
Matched 3 signal(s), weighted score 7:
• [S_KNOWN_SPAM_PUBLISHER] Maintainer(s) previously flagged as spam: hzoo, loganfsmyth, danez.
• [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'loganfsmyth' owns 167 packages, ≥70% share a templated name shape.
• [S_TINY_PAYLOAD] Tiny payload: 1 code file(s), 3194 bytes total.
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.4.4
2 findings
Matched 3 signal(s), weighted score 7:
• [S_KNOWN_SPAM_PUBLISHER] Maintainer(s) previously flagged as spam: hzoo, loganfsmyth, danez.
• [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'loganfsmyth' owns 167 packages, ≥70% share a templated name shape.
• [S_TINY_PAYLOAD] Tiny payload: 1 code file(s), 3194 bytes total.
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.4.3
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.4.0
2 findings
Matched 3 signal(s), weighted score 7:
• [S_KNOWN_SPAM_PUBLISHER] Maintainer(s) previously flagged as spam: hzoo, loganfsmyth, danez.
• [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'loganfsmyth' owns 167 packages, ≥70% share a templated name shape.
• [S_TINY_PAYLOAD] Tiny payload: 1 code file(s), 3194 bytes total.
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.3.4
2 findings
Matched 3 signal(s), weighted score 7:
• [S_KNOWN_SPAM_PUBLISHER] Maintainer(s) previously flagged as spam: hzoo, loganfsmyth, danez.
• [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'loganfsmyth' owns 167 packages, ≥70% share a templated name shape.
• [S_TINY_PAYLOAD] Tiny payload: 1 code file(s), 3194 bytes total.
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.3.2
2 findings
Matched 3 signal(s), weighted score 7:
• [S_KNOWN_SPAM_PUBLISHER] Maintainer(s) previously flagged as spam: hzoo, loganfsmyth, danez.
• [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'loganfsmyth' owns 167 packages, ≥70% share a templated name shape.
• [S_TINY_PAYLOAD] Tiny payload: 1 code file(s), 3194 bytes total.
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.3.0
2 findings
Matched 3 signal(s), weighted score 7:
• [S_KNOWN_SPAM_PUBLISHER] Maintainer(s) previously flagged as spam: hzoo, loganfsmyth, danez.
• [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'loganfsmyth' owns 167 packages, ≥70% share a templated name shape.
• [S_TINY_PAYLOAD] Tiny payload: 1 code file(s), 3137 bytes total.
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.2.3
2 findings
Matched 3 signal(s), weighted score 7:
• [S_KNOWN_SPAM_PUBLISHER] Maintainer(s) previously flagged as spam: hzoo, loganfsmyth, danez.
• [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'loganfsmyth' owns 167 packages, ≥70% share a templated name shape.
• [S_TINY_PAYLOAD] Tiny payload: 1 code file(s), 3191 bytes total.
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.2.1
2 findings
Matched 3 signal(s), weighted score 7:
• [S_KNOWN_SPAM_PUBLISHER] Maintainer(s) previously flagged as spam: hzoo, loganfsmyth, danez.
• [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'loganfsmyth' owns 167 packages, ≥70% share a templated name shape.
• [S_TINY_PAYLOAD] Tiny payload: 1 code file(s), 3134 bytes total.
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.2.0
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.