← Home

@babel/plugin-proposal-unicode-property-regex

npm Repository Homepage

Compile Unicode property escapes in Unicode regular expressions to ES5.

21
Versions
MIT
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

hzooexistentialismnicolo-ribaudojlhwung

Keywords

babel-pluginregexregexpregular expressionsunicode propertiesunicode

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
provenance missing-githead AI (provenance): Babel monorepo publish environment changes are common and expected; missing gitHead is a hygiene signal, not a security indicator, for this well-established package. ai
bogus-package bogus-package AI (bogus-package): Babel monorepo produces many small, templated plugin packages by design. Tiny payload and mass-production signals are expected and benign for this package. ai
provenance no-provenance AI (provenance): Established Babel core package published before Sigstore provenance was standard; trusted publisher with strong track record. ai
provenance publisher-changed AI (provenance): nicolo-ribaudo is a well-known Babel core team member; the hzoo→nicolo-ribaudo transition is a legitimate maintainer handoff within the Babel project, not a compromise. ai
maintainer-change maintainer-added AI (maintainer-change): nicolo-ribaudo is a trusted Babel core contributor with 215 packages and 5685 approved edges; addition is a legitimate team change. ai
maintainer-change maintainer-removed AI (maintainer-change): Removal of xtuc is part of the same legitimate Babel team transition; no malicious indicators present. ai

Versions (showing 21 of 21)

Show 1 prerelease
Version Deps Published
7.18.6 2 / 2
7.17.12 2 / 2
7.16.7 2 / 2
7.16.5 2 / 2
7.16.0 2 / 2
7.14.5 2 / 2
7.12.13 2 / 2
7.12.1 2 / 2
7.10.4 2 / 2
7.10.1 2 / 2
7.8.8 2 / 2
7.8.3 2 / 2
7.8.0 2 / 2
7.7.7 2 / 2
7.7.4 2 / 2
7.7.0 2 / 2
7.6.2 3 / 2
7.4.4 3 / 2
7.4.0 3 / 2
7.2.0 3 / 2
7.0.0 3 / 2

v7.17.12

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.16.7

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.16.5

2 findings
HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.16.0

2 findings
HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.14.5

2 findings
HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.12.13

2 findings
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Missing gitHead — previous versions had it provenance

[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.

v7.12.1

3 findings
HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: jlhwung → nicolo-ribaudo (on 2020-10-15) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2020-10-15. This could indicate a legitimate maintainer transition or an account compromise.

v7.10.4

2 findings
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: nicolo-ribaudo → jlhwung (on 2020-06-30) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2020-06-30. This could indicate a legitimate maintainer transition or an account compromise.

v7.10.1

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.8.8

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.8.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.8.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.7.7

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.7.4

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.7.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.6.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.4.4

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.4.0

2 findings
HIGH Publisher changed: hzoo → nicolo-ribaudo (on 2019-03-19) provenance

This version was published by a different npm account than previous versions on 2019-03-19. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.2.0

2 findings
HIGH Publisher changed: hzoo → nicolo-ribaudo (on 2018-12-03) provenance

This version was published by a different npm account than previous versions on 2018-12-03. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.