@babel/plugin-transform-class-properties
This plugin transforms static class properties as well as properties declared with the property initializer syntax.
Supply chain provenance
Status for the latest visible version.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@babel/helper-create-class-features-plugin | AI (dependencies): This is an official Babel monorepo internal helper package, consistently used across all @babel/* plugin versions. Not a risk signal. | ai | |
| provenance | publisher-changed | AI (provenance): Babel project migrated to GitHub Actions for automated publishing. This is a documented, security-improving practice for the official babel/babel monorepo and generalizes to all future versions. | ai | |
| bogus-package | bogus-package | AI (bogus-package): hzoo (Henry Zhu) is a well-known former Babel lead maintainer, not a spam actor. This is a stable false positive for all @babel/* packages. | ai | |
| provenance | no-provenance | AI (provenance): Official Babel monorepo package published via GitHub Actions CI; lack of Sigstore provenance is consistent with Babel's release pipeline and not a security concern for this well-known package. | ai | |
Versions (showing 13 of 13)
| Version | Deps | Published |
|---|---|---|
| 7.29.7 | 2 / 2 | |
| 7.28.6 | 2 / 2 | |
| 7.27.1 | 2 / 2 | |
| 7.25.9 | 2 / 2 | |
| 7.25.7 | 2 / 2 | |
| 7.25.4 | 2 / 2 | |
| 7.24.7 | 2 / 2 | |
| 7.24.6 | 2 / 2 | |
| 7.24.1 | 2 / 2 | |
| 7.23.3 | 2 / 2 | |
| 7.22.5 | 2 / 2 | |
| 7.22.3 | 2 / 2 | |
| 7.22.0 | 2 / 2 | |
v7.29.7
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.27.1
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.25.9
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.25.7
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.25.4
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.24.7
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.24.6
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.24.1
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.23.3
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.22.5
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.22.3
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.22.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.