@babel/plugin-syntax-typescript

Allow parsing of TypeScript syntax

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

hzooexistentialismnicolo-ribaudojlhwung

Keywords

babel-plugintypescript

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	missing-githead	AI (provenance): Babel core maintainer nicolo-ribaudo; missing gitHead reflects a publish environment change, not a supply chain compromise. Stable false positive for this well-established package.	ai	2026/04/24
provenance	no-provenance	AI (provenance): Published by a trusted Babel core maintainer; lack of Sigstore attestation in this version era is expected and not a risk indicator for this package.	ai	2026/04/24
provenance	publisher-changed	AI (provenance): nicolo-ribaudo is a well-known core Babel contributor; the hzoo → nicolo-ribaudo transition is a documented legitimate Babel team maintainer change, not a compromise.	ai	2026/04/24
maintainer-change	maintainer-added	AI (maintainer-change): nicolo-ribaudo is a core Babel team member with extensive history; this is a legitimate maintainer addition within the Babel project.	ai	2026/04/24
bogus-package	bogus-package	AI (bogus-package): Tiny payload is expected for a Babel syntax plugin (thin wrapper). Mass-production signal reflects Babel monorepo templated structure, not spam.	ai	2026/04/24

Versions (showing 36 of 36)

Hide prereleases

Version	Deps	Published
7.29.7	1 / 2	2026-05-25
7.28.6	1 / 2	2026-01-12
7.27.1	1 / 2	2025-04-30
7.25.9	1 / 2	2024-10-22
7.25.7	1 / 2	2024-10-02
7.25.4	1 / 2	2024-08-22
7.24.7	1 / 2	2024-06-05
7.24.6	1 / 2	2024-05-24
7.24.1	1 / 2	2024-03-19
7.23.3	1 / 2	2023-11-09
7.22.5	1 / 2	2023-06-08
7.21.4	1 / 2	2023-03-31
7.20.0	1 / 2	2022-10-27
7.18.6	1 / 2	2022-06-27
7.17.12	1 / 2	2022-05-16
7.17.10	1 / 2	2022-04-29
7.16.7	1 / 2	2021-12-31
7.16.5	1 / 2	2021-12-13
7.16.0	1 / 2	2021-10-29
7.14.5	1 / 1	2021-06-09
7.12.13	1 / 1	2021-02-03
7.12.1	1 / 1	2020-10-15
7.10.4	1 / 1	2020-06-30
7.10.1	1 / 1	2020-05-27
7.8.3	1 / 1	2020-01-13
7.8.0	1 / 1	2020-01-12
7.7.4	1 / 1	2019-11-22
7.3.3	1 / 1	2019-02-15
7.2.0	1 / 1	2018-12-03
7.1.5	1 / 1	2018-11-06
7.0.0	1 / 1	2018-08-27
8.0.0-rc.3	1 / 2	2026-03-16
8.0.0-rc.2	1 / 2	2026-02-15
8.0.0-rc.1	1 / 2	2026-01-31
8.0.0-beta.4	1 / 2	2026-01-12
7.0.0-beta.54	1 / 1	2018-07-16

v7.29.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.27.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.25.9

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.25.7

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.25.4

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.24.7

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.24.6

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.24.1

2 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.23.3

2 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.22.5

2 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.21.4

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.20.0

2 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.18.6

2 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.17.12

2 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.17.10

2 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.16.7

2 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.16.5

2 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.16.0

2 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.14.5

3 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.

HIGH Publisher changed: jlhwung → nicolo-ribaudo (on 2021-06-09) provenance

This version was published by a different npm account than previous versions on 2021-06-09. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.12.13

3 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.

HIGH Publisher changed: jlhwung → nicolo-ribaudo (on 2021-02-03) provenance

This version was published by a different npm account than previous versions on 2021-02-03. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.12.1

3 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.

HIGH Publisher changed: jlhwung → nicolo-ribaudo (on 2020-10-15) provenance

This version was published by a different npm account than previous versions on 2020-10-15. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.10.4

2 findings

HIGH Publisher changed: nicolo-ribaudo → jlhwung (on 2020-06-30) provenance

This version was published by a different npm account than previous versions on 2020-06-30. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.10.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.8.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.8.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.7.4

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.3.3

2 findings

HIGH Publisher changed: hzoo → nicolo-ribaudo (on 2019-02-15) provenance

This version was published by a different npm account than previous versions on 2019-02-15. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.2.0

2 findings

HIGH Publisher changed: hzoo → nicolo-ribaudo (on 2018-12-03) provenance

This version was published by a different npm account than previous versions on 2018-12-03. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.1.5

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v7.0.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.