@babel/preset-react — Greenflagged

Babel preset for all React plugins.

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

hzooexistentialismnicolo-ribaudojlhwung

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): jlhwung is a well-established Babel core contributor with 148 packages and strong approval history; publisher rotations are normal for the Babel monorepo team.	ai	2026/04/22
provenance	missing-githead	AI (provenance): Babel monorepo publish pipeline changes explain missing gitHead; not a security signal for this well-established package.	ai	2026/04/22
maintainer-change	maintainer-removed	AI (maintainer-change): Maintainer removals reflect normal Babel team evolution; combined with known publisher nicolo-ribaudo, not a takeover signal.	ai	2026/04/22
maintainer-change	maintainer-added	AI (maintainer-change): Babel project team transitions are well-documented; new maintainers are known Babel contributors, not indicative of takeover.	ai	2026/04/22
publish-pattern	new-deps-added	AI (publish-pattern): @babel/helper-validator-option is a first-party Babel monorepo package; adding it is routine internal refactoring, not a supply chain risk.	ai	2026/04/22
provenance	no-provenance	AI (provenance): Version predates Sigstore provenance adoption; not a meaningful risk signal for this era of Babel releases.	ai	2026/04/22
bogus-package	bogus-package	AI (bogus-package): loganfsmyth and hzoo are well-known legitimate Babel contributors; spam flag is a false positive for this official @babel/* package.	ai	2026/04/22
dependencies	unvetted-dep:@babel/plugin-transform-react-pure-annotations	AI (dependencies): First-party Babel monorepo package; part of the same official release cycle as @babel/preset-react. Not a third-party or suspicious dependency.	ai	2026/04/21
dependencies	unvetted-dep:@babel/plugin-transform-react-jsx-development	AI (dependencies): First-party Babel monorepo package; part of the same official release cycle as @babel/preset-react. Not a third-party or suspicious dependency.	ai	2026/04/21
dependencies	unvetted-dep:@babel/plugin-transform-react-display-name	AI (dependencies): First-party Babel monorepo package; part of the same official release cycle as @babel/preset-react. Not a third-party or suspicious dependency.	ai	2026/04/21
dependencies	unvetted-dep:@babel/plugin-transform-react-jsx	AI (dependencies): First-party Babel monorepo package; part of the same official release cycle as @babel/preset-react. Not a third-party or suspicious dependency.	ai	2026/04/21

Versions (showing 43 of 43)

Hide prereleases

Version	Deps	Published
7.29.7	6 / 2	2026-05-25
7.28.5	6 / 2	2025-10-23
7.27.1	6 / 2	2025-04-30
7.26.3	6 / 2	2024-12-04
7.25.9	6 / 2	2024-10-22
7.25.7	6 / 2	2024-10-02
7.24.7	6 / 2	2024-06-05
7.24.6	6 / 2	2024-05-24
7.24.1	6 / 2	2024-03-19
7.23.3	6 / 2	2023-11-09
7.22.15	6 / 2	2023-09-04
7.22.5	6 / 2	2023-06-08
7.22.3	6 / 2	2023-05-27
7.22.0	6 / 2	2023-05-26
7.18.6	6 / 2	2022-06-27
7.17.12	6 / 2	2022-05-16
7.16.7	6 / 2	2021-12-31
7.16.5	6 / 2	2021-12-13
7.16.0	6 / 2	2021-10-29
7.14.5	6 / 2	2021-06-09
7.13.13	6 / 2	2021-03-26
7.12.13	5 / 2	2021-02-03
7.12.10	5 / 2	2020-12-09
7.12.7	7 / 2	2020-11-20
7.12.5	7 / 2	2020-11-03
7.12.1	7 / 2	2020-10-15
7.10.4	7 / 3	2020-06-30
7.10.1	7 / 3	2020-05-27
7.10.0	7 / 3	2020-05-26
7.9.4	6 / 3	2020-03-24
7.9.1	6 / 3	2020-03-20
7.9.0	6 / 3	2020-03-20
7.8.3	5 / 3	2020-01-13
7.8.0	5 / 3	2020-01-12
7.7.4	5 / 3	2019-11-22
7.7.0	5 / 3	2019-11-05
7.6.3	5 / 3	2019-10-08
7.0.0	5 / 3	2018-08-27
8.0.0-rc.3	6 / 2	2026-03-16
8.0.0-rc.2	6 / 2	2026-02-15
8.0.0-rc.1	6 / 2	2026-01-31
8.0.0-beta.4	6 / 2	2026-01-12
8.0.0-beta.3	6 / 2	2025-10-23

v7.29.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.