@babel/traverse
The Babel Traverse module maintains the overall tree state, and is responsible for replacing, removing, and adding nodes.
Versions: 40
License: MIT
Install Scripts: No
Provenance: Verified
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
No source commit
Maintainers
hzoo, existentialism, nicolo-ribaudo, jlhwung
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Babel monorepo migrated to GitHub Actions for automated publishing; this is a documented, expected transition for the official babel/babel project, not an account compromise. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): New deps are first-party @babel/ scoped packages from the same monorepo; no third-party supply-chain risk introduced. | ai | |
| dependencies | unvetted-dep:@babel/helper-hoist-variables | AI (dependencies): Official Babel helper package from the babel/babel monorepo, published by the same trusted Babel team. Unvetted status reflects registry gap, not a security concern. | ai | |
| dependencies | unvetted-dep:@babel/helper-split-export-declaration | AI (dependencies): Official Babel helper package from the babel/babel monorepo, published by the same trusted Babel team. Unvetted status reflects registry gap, not a security concern. | ai | |
| dependencies | unvetted-dep:@babel/helper-environment-visitor | AI (dependencies): Official Babel helper package from the babel/babel monorepo, published by the same trusted Babel team. Unvetted status reflects registry gap, not a security concern. | ai | |
| dependencies | unvetted-dep:@babel/helper-function-name | AI (dependencies): Official Babel helper package from the babel/babel monorepo, published by the same trusted Babel team. Unvetted status reflects registry gap, not a security concern. | ai | |
| dependencies | unvetted-dep:@babel/parser | AI (dependencies): @babel/parser is a first-party sibling package from the same babel/babel monorepo; it is always a legitimate dependency of @babel/traverse and not a risk. | ai | |
| provenance | no-provenance | AI (provenance): Babel publishes via GitHub Actions without Sigstore provenance; this is consistent across all Babel packages and not a risk signal for this well-established project. | ai | |
Versions (showing 40 of 40)
| Version | Deps | Published |
|---|---|---|
| 7.29.7 | 7 / 2 | |
| 7.29.0 | 7 / 2 | |
| 7.28.6 | 7 / 2 | |
| 7.28.5 | 7 / 2 | |
| 7.28.4 | 7 / 2 | |
| 7.28.3 | 7 / 2 | |
| 7.28.0 | 7 / 2 | |
| 7.27.7 | 7 / 2 | |
| 7.27.4 | 7 / 2 | |
| 7.27.3 | 7 / 2 | |
| 7.27.1 | 7 / 2 | |
| 7.27.0 | 7 / 2 | |
| 7.26.10 | 7 / 2 | |
| 7.26.9 | 7 / 2 | |
| 7.26.8 | 7 / 2 | |
| 7.26.7 | 7 / 2 | |
| 7.26.5 | 7 / 2 | |
| 7.26.4 | 7 / 2 | |
| 7.26.3 | 7 / 2 | |
| 7.25.9 | 7 / 2 | |
| 7.25.7 | 7 / 2 | |
| 7.25.6 | 7 / 2 | |
| 7.25.4 | 7 / 2 | |
| 7.25.3 | 7 / 2 | |
| 7.25.2 | 7 / 2 | |
| 7.25.1 | 7 / 2 | |
| 7.25.0 | 7 / 2 | |
| 7.24.8 | 10 / 2 | |
| 7.24.7 | 10 / 2 | |
| 7.24.6 | 10 / 2 | |
| 7.24.5 | 10 / 2 | |
| 7.24.1 | 10 / 2 | |
| 7.24.0 | 10 / 2 | |
| 7.23.9 | 10 / 2 | |
| 7.23.7 | 10 / 2 | |
| 7.23.6 | 10 / 2 | |
| 7.23.5 | 10 / 2 | |
| 7.23.4 | 10 / 2 | |
| 7.23.3 | 10 / 2 | |
| 7.23.2 | 10 / 2 | |
v7.29.7
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.23.6
1 finding
INFO
No provenance attestation
provenance
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.