@babel/plugin-transform-parameters
Compile ES2015 default and rest parameters to ES5
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): nicolo-ribaudo is a well-known Babel core team member; this is a documented legitimate maintainer transition within the Babel project, not a compromise. | ai | |
| provenance | missing-githead | AI (provenance): Babel monorepo publish pipeline change; nicolo-ribaudo is a highly trusted publisher with a long track record. Missing gitHead is not indicative of malicious activity for this package. | ai | |
| provenance | no-provenance | AI (provenance): Sigstore provenance was not yet standard practice at the time of this publish (2021); absence is expected for this era of @babel packages. | ai |
Versions (showing 56 of 56)
| Version | Deps | Published |
|---|---|---|
| 7.29.7 | 1 / 2 | |
| 7.27.7 | 1 / 2 | |
| 7.27.1 | 1 / 2 | |
| 7.25.9 | 1 / 2 | |
| 7.25.7 | 1 / 2 | |
| 7.24.7 | 1 / 2 | |
| 7.24.6 | 1 / 2 | |
| 7.24.5 | 1 / 2 | |
| 7.24.1 | 1 / 2 | |
| 7.23.3 | 1 / 2 | |
| 7.22.15 | 1 / 2 | |
| 7.22.5 | 1 / 2 | |
| 7.22.3 | 1 / 2 | |
| 7.22.0 | 1 / 2 | |
| 7.21.3 | 1 / 2 | |
| 7.20.7 | 1 / 2 | |
| 7.20.5 | 1 / 2 | |
| 7.20.3 | 1 / 2 | |
| 7.20.1 | 1 / 2 | |
| 7.18.8 | 1 / 2 | |
| 7.18.6 | 1 / 2 | |
| 7.17.12 | 1 / 2 | |
| 7.16.7 | 1 / 2 | |
| 7.16.5 | 1 / 2 | |
| 7.16.3 | 1 / 2 | |
| 7.16.0 | 1 / 2 | |
| 7.15.4 | 1 / 2 | |
| 7.14.5 | 1 / 2 | |
| 7.14.2 | 1 / 2 | |
| 7.13.0 | 1 / 2 | |
| 7.12.13 | 1 / 2 | |
| 7.12.1 | 1 / 2 | |
| 7.10.5 | 2 / 2 | |
| 7.10.4 | 2 / 2 | |
| 7.10.1 | 2 / 2 | |
| 7.9.5 | 2 / 2 | |
| 7.9.3 | 2 / 2 | |
| 7.8.8 | 3 / 2 | |
| 7.8.7 | 3 / 2 | |
| 7.8.4 | 3 / 2 | |
| 7.8.3 | 3 / 2 | |
| 7.8.0 | 3 / 2 | |
| 7.7.7 | 3 / 2 | |
| 7.7.4 | 3 / 2 | |
| 7.4.4 | 3 / 2 | |
| 7.4.3 | 3 / 2 | |
| 7.4.0 | 3 / 2 | |
| 7.3.3 | 3 / 2 | |
| 7.2.0 | 3 / 2 | |
| 7.1.0 | 3 / 2 | |
| 7.0.0 | 3 / 2 | |
| 8.0.0-rc.3 | 1 / 2 | |
| 8.0.0-rc.2 | 1 / 2 | |
| 8.0.0-rc.1 | 1 / 2 | |
| 8.0.0-beta.4 | 1 / 2 | |
| 7.0.0-beta.31 | 5 / 2 |
v7.29.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.27.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.25.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.25.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.24.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.24.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.24.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.24.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.23.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.22.15
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.22.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.22.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.22.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.21.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.20.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.20.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.20.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.20.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.18.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.18.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.17.12
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.16.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.16.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.16.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.16.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.15.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.14.5
2 findings[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
v7.14.2
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.13.0
2 findings[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
v7.12.13
2 findings[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
v7.12.1
3 findingsThis version was published by a different npm account than previous versions on 2020-10-15. This could indicate a legitimate maintainer transition or an account compromise.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
v7.10.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.10.4
2 findings[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version was published by a different npm account than previous versions on 2020-06-30. This could indicate a legitimate maintainer transition or an account compromise.
v7.10.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.9.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.9.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.8.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.8.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.8.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.8.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.8.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.7.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.7.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.4.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.4.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.4.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.3.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.2.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.1.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.0.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.