@babel/preset-react
Babel preset for all React plugins.
38
Versions
MIT
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
No source commit
Maintainers
hzooexistentialismnicolo-ribaudojlhwung
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): jlhwung is a well-established Babel core contributor with 148 packages and strong approval history; publisher rotations are normal for the Babel monorepo team. | ai | |
| provenance | missing-githead | AI (provenance): Babel monorepo publish pipeline changes explain missing gitHead; not a security signal for this well-established package. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): Maintainer removals reflect normal Babel team evolution; combined with known publisher nicolo-ribaudo, not a takeover signal. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): Babel project team transitions are well-documented; new maintainers are known Babel contributors, not indicative of takeover. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): @babel/helper-validator-option is a first-party Babel monorepo package; adding it is routine internal refactoring, not a supply chain risk. | ai | |
| provenance | no-provenance | AI (provenance): Version predates Sigstore provenance adoption; not a meaningful risk signal for this era of Babel releases. | ai | |
| bogus-package | bogus-package | AI (bogus-package): loganfsmyth and hzoo are well-known legitimate Babel contributors; spam flag is a false positive for this official @babel/* package. | ai | |
| dependencies | unvetted-dep:@babel/plugin-transform-react-pure-annotations | AI (dependencies): First-party Babel monorepo package; part of the same official release cycle as @babel/preset-react. Not a third-party or suspicious dependency. | ai | |
| dependencies | unvetted-dep:@babel/plugin-transform-react-jsx-development | AI (dependencies): First-party Babel monorepo package; part of the same official release cycle as @babel/preset-react. Not a third-party or suspicious dependency. | ai | |
| dependencies | unvetted-dep:@babel/plugin-transform-react-display-name | AI (dependencies): First-party Babel monorepo package; part of the same official release cycle as @babel/preset-react. Not a third-party or suspicious dependency. | ai | |
| dependencies | unvetted-dep:@babel/plugin-transform-react-jsx | AI (dependencies): First-party Babel monorepo package; part of the same official release cycle as @babel/preset-react. Not a third-party or suspicious dependency. | ai |
Versions (showing 38 of 38)
| Version | Deps | Published |
|---|---|---|
| 7.29.7 | 6 / 2 | |
| 7.28.5 | 6 / 2 | |
| 7.27.1 | 6 / 2 | |
| 7.26.3 | 6 / 2 | |
| 7.25.9 | 6 / 2 | |
| 7.25.7 | 6 / 2 | |
| 7.24.7 | 6 / 2 | |
| 7.24.6 | 6 / 2 | |
| 7.24.1 | 6 / 2 | |
| 7.23.3 | 6 / 2 | |
| 7.22.15 | 6 / 2 | |
| 7.22.5 | 6 / 2 | |
| 7.22.3 | 6 / 2 | |
| 7.22.0 | 6 / 2 | |
| 7.18.6 | 6 / 2 | |
| 7.17.12 | 6 / 2 | |
| 7.16.7 | 6 / 2 | |
| 7.16.5 | 6 / 2 | |
| 7.16.0 | 6 / 2 | |
| 7.14.5 | 6 / 2 | |
| 7.13.13 | 6 / 2 | |
| 7.12.13 | 5 / 2 | |
| 7.12.10 | 5 / 2 | |
| 7.12.7 | 7 / 2 | |
| 7.12.5 | 7 / 2 | |
| 7.12.1 | 7 / 2 | |
| 7.10.4 | 7 / 3 | |
| 7.10.1 | 7 / 3 | |
| 7.10.0 | 7 / 3 | |
| 7.9.4 | 6 / 3 | |
| 7.9.1 | 6 / 3 | |
| 7.9.0 | 6 / 3 | |
| 7.8.3 | 5 / 3 | |
| 7.8.0 | 5 / 3 | |
| 7.7.4 | 5 / 3 | |
| 7.7.0 | 5 / 3 | |
| 7.6.3 | 5 / 3 | |
| 7.0.0 | 5 / 3 |
v7.29.7
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.