@babel/template
Generate an AST from a string template.
43
Versions
MIT
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
No source commit
Maintainers
hzooexistentialismnicolo-ribaudojlhwung
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | missing-githead | AI (provenance): Babel migrated to GitHub Actions CI publishing; missing gitHead is a known artifact of this workflow change, not a security signal for this package. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): Babel team membership changes are routine for this long-lived monorepo package; removals reflect normal team evolution, not a takeover. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Mass-production signal is a false positive for @babel/* packages; loganfsmyth is a known Babel contributor. Missing keywords is typical for scoped Babel packages. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): nicolo-ribaudo is a well-known Babel core contributor; this is a legitimate team transition within the official Babel project, stable across versions. | ai | |
| provenance | publisher-changed | AI (provenance): Babel monorepo migrated to GitHub Actions for automated publishing; publisher change from nicolo-ribaudo to GitHub Actions is consistent with this known org-wide transition and not indicative of compromise. | ai | |
| dependencies | unvetted-dep:@babel/parser | AI (dependencies): @babel/parser is a sibling package in the Babel monorepo, always co-released at the same version; not an independent unvetted dependency. | ai | |
| provenance | no-provenance | AI (provenance): @babel/template is a core Babel monorepo package published by a known Babel team member; lack of Sigstore provenance is not a meaningful risk signal for this package. | ai |
Versions (showing 43 of 43)
| Version | Deps | Published |
|---|---|---|
| 7.29.7 | 3 / 0 | |
| 7.28.6 | 3 / 0 | |
| 7.27.2 | 3 / 0 | |
| 7.27.1 | 3 / 0 | |
| 7.27.0 | 3 / 0 | |
| 7.26.9 | 3 / 0 | |
| 7.26.8 | 3 / 0 | |
| 7.25.9 | 3 / 0 | |
| 7.25.7 | 3 / 0 | |
| 7.25.0 | 3 / 0 | |
| 7.24.7 | 3 / 0 | |
| 7.24.6 | 3 / 0 | |
| 7.24.0 | 3 / 0 | |
| 7.23.9 | 3 / 0 | |
| 7.22.15 | 3 / 0 | |
| 7.22.5 | 3 / 0 | |
| 7.21.9 | 3 / 0 | |
| 7.20.7 | 3 / 0 | |
| 7.18.10 | 3 / 0 | |
| 7.18.6 | 3 / 0 | |
| 7.16.7 | 3 / 0 | |
| 7.16.0 | 3 / 0 | |
| 7.15.4 | 3 / 0 | |
| 7.14.5 | 3 / 0 | |
| 7.12.13 | 3 / 0 | |
| 7.12.7 | 3 / 0 | |
| 7.10.4 | 3 / 0 | |
| 7.10.3 | 3 / 0 | |
| 7.10.1 | 3 / 0 | |
| 7.10.0 | 3 / 0 | |
| 7.8.6 | 3 / 0 | |
| 7.8.3 | 3 / 0 | |
| 7.8.0 | 3 / 0 | |
| 7.7.4 | 3 / 0 | |
| 7.7.0 | 3 / 0 | |
| 7.6.0 | 3 / 0 | |
| 7.4.4 | 3 / 0 | |
| 7.4.0 | 3 / 0 | |
| 7.2.2 | 3 / 0 | |
| 7.1.2 | 3 / 0 | |
| 7.1.1 | 3 / 0 | |
| 7.1.0 | 3 / 0 | |
| 7.0.0 | 3 / 0 |
v7.29.7
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.