@babel/plugin-transform-reserved-words
Ensure that no reserved words are used.
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): nicolo-ribaudo is a well-known core Babel maintainer; the transition from jlhwung is a legitimate org-level maintainer handoff within the Babel project. | ai | |
| provenance | missing-githead | AI (provenance): Babel monorepo packages frequently lack gitHead due to publish pipeline specifics; not a security signal for this well-established official package. | ai | |
| provenance | no-provenance | AI (provenance): Provenance attestation was not standard practice at this version's publish time; not a security concern for this trusted Babel package. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Mass-production signal reflects Babel's monorepo with many templated plugin names; tiny payload is expected for a single-purpose Babel transform. Both are stable false positives for this package. | ai |
Versions (showing 24 of 24)
| Version | Deps | Published |
|---|---|---|
| 7.29.7 | 1 / 2 | |
| 7.27.1 | 1 / 2 | |
| 7.25.9 | 1 / 2 | |
| 7.25.7 | 1 / 2 | |
| 7.24.7 | 1 / 2 | |
| 7.24.6 | 1 / 2 | |
| 7.24.1 | 1 / 2 | |
| 7.23.3 | 1 / 2 | |
| 7.22.5 | 1 / 2 | |
| 7.18.6 | 1 / 2 | |
| 7.17.12 | 1 / 2 | |
| 7.16.7 | 1 / 2 | |
| 7.16.5 | 1 / 2 | |
| 7.16.0 | 1 / 2 | |
| 7.14.5 | 1 / 2 | |
| 7.12.13 | 1 / 2 | |
| 7.12.1 | 1 / 2 | |
| 7.10.4 | 1 / 2 | |
| 7.10.1 | 1 / 2 | |
| 7.8.3 | 1 / 2 | |
| 7.8.0 | 1 / 2 | |
| 7.7.4 | 1 / 2 | |
| 7.2.0 | 1 / 2 | |
| 7.0.0 | 1 / 2 |
v7.29.7
2 findingsPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-05-25. This could indicate a legitimate maintainer transition or an account compromise.
v7.25.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.25.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.24.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.24.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.24.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.23.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.22.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.18.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.17.12
2 findings[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
v7.16.7
2 findings[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
v7.16.5
2 findings[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
v7.16.0
2 findings[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
v7.14.5
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.12.13
3 findingsThis version was published by a different npm account than previous versions on 2021-02-03. This could indicate a legitimate maintainer transition or an account compromise.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
v7.12.1
3 findingsThis version was published by a different npm account than previous versions on 2020-10-15. This could indicate a legitimate maintainer transition or an account compromise.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
[Accepted risk] This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: nicolo-ribaudo.
v7.10.4
2 findingsThis version was published by a different npm account than previous versions on 2020-06-30. This could indicate a legitimate maintainer transition or an account compromise.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.10.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.8.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.8.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.7.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.2.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.0.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.