@babel/types
Babel Types is a Lodash-esque utility library for AST nodes
51
Versions
MIT
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
No source commit
Maintainers
hzooexistentialismnicolo-ribaudojlhwung
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:lib/index-ts3.7.d.ts | AI (source-diff): lib/index-ts3.7.d.ts is an auto-generated TypeScript declaration file explicitly referenced in typesVersions; long lines are a known artifact of generated .d.ts files, not obfuscation. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): Maintainer transition within Babel project is consistent with known ecosystem patterns; no takeover indicators. | ai | |
| source-diff | large-new-source-files | AI (source-diff): @babel/types tracks JS/TS AST evolution; adding many new type/helper files across many semver versions is expected for this package. | ai | |
| source-diff | obfuscated-file:lib/index-legacy.d.ts | AI (source-diff): File is explicitly autogenerated TypeScript definitions (per header comment), not obfuscated code. Long lines are expected in generated type definitions. | ai | |
| provenance | missing-githead | AI (provenance): Large monorepo with established publisher; missing gitHead reflects CI/CD pipeline changes, not a supply chain compromise. Consistent with Babel's publish history. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): New dependency is @babel/helper-validator-identifier, a sibling Babel package; legitimate refactoring. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): jlhwung is an established Babel maintainer with strong track record; transition is legitimate. | ai | |
| bogus-package | bogus-package | AI (bogus-package): False positives for monorepo package; mass-production signal reflects Babel's structure, not spam. | ai | |
| provenance | publisher-changed | AI (provenance): Publisher change (jlhwung → nicolo-ribaudo) reflects legitimate Babel maintainer transition, not account compromise. | ai | |
| provenance | no-provenance | AI (provenance): @babel/types is a well-established core Babel package; lack of Sigstore provenance is not a risk signal here. | ai | |
| dependencies | unvetted-dep:to-fast-properties | AI (dependencies): to-fast-properties is a long-standing, benign dependency of @babel/types used across the Babel ecosystem; no security concern. | ai |
Versions (showing 51 of 139)
| Version | Deps | Published |
|---|---|---|
| 7.29.7 | 2 / 3 | |
| 7.29.0 | 2 / 3 | |
| 7.28.6 | 2 / 3 | |
| 7.28.5 | 2 / 3 | |
| 7.28.4 | 2 / 3 | |
| 7.28.2 | 2 / 3 | |
| 7.28.1 | 2 / 3 | |
| 7.28.0 | 2 / 3 | |
| 7.27.7 | 2 / 3 | |
| 7.27.6 | 2 / 3 | |
| 7.27.3 | 2 / 3 | |
| 7.27.1 | 2 / 3 | |
| 7.27.0 | 2 / 3 | |
| 7.26.10 | 2 / 3 | |
| 7.26.9 | 2 / 3 | |
| 7.26.8 | 2 / 3 | |
| 7.26.7 | 2 / 3 | |
| 7.26.5 | 2 / 3 | |
| 7.26.3 | 2 / 3 | |
| 7.26.0 | 2 / 3 | |
| 7.25.9 | 2 / 3 | |
| 7.25.8 | 3 / 3 | |
| 7.25.7 | 3 / 3 | |
| 7.25.6 | 3 / 3 | |
| 7.25.4 | 3 / 3 | |
| 7.25.2 | 3 / 3 | |
| 7.25.0 | 3 / 3 | |
| 7.24.9 | 3 / 3 | |
| 7.24.8 | 3 / 3 | |
| 7.24.7 | 3 / 3 | |
| 7.24.6 | 3 / 3 | |
| 7.24.5 | 3 / 3 | |
| 7.24.0 | 3 / 3 | |
| 7.23.9 | 3 / 3 | |
| 7.23.6 | 3 / 3 | |
| 7.23.5 | 3 / 3 | |
| 7.23.4 | 3 / 3 | |
| 7.23.3 | 3 / 3 | |
| 7.23.0 | 3 / 3 | |
| 7.22.19 | 3 / 3 | |
| 7.22.17 | 3 / 3 | |
| 7.22.15 | 3 / 3 | |
| 7.22.11 | 3 / 3 | |
| 7.22.10 | 3 / 3 | |
| 7.22.5 | 3 / 4 | |
| 7.22.4 | 3 / 4 | |
| 7.22.3 | 3 / 4 | |
| 7.22.0 | 3 / 4 | |
| 7.21.5 | 3 / 4 | |
| 7.21.4 | 3 / 4 | |
| 7.21.3 | 3 / 4 |
v7.29.7
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.