@babel/types MIT 100 versions

@babel/types

npm Repository Homepage

Babel Types is a Lodash-esque utility library for AST nodes

100

Versions

MIT

License

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

hzooexistentialismnicolo-ribaudojlhwung

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:lib/index-ts3.7.d.ts	AI (source-diff): lib/index-ts3.7.d.ts is an auto-generated TypeScript declaration file explicitly referenced in typesVersions; long lines are a known artifact of generated .d.ts files, not obfuscation.	ai	2026/04/22
maintainer-change	maintainer-removed	AI (maintainer-change): Maintainer transition within Babel project is consistent with known ecosystem patterns; no takeover indicators.	ai	2026/04/21
source-diff	large-new-source-files	AI (source-diff): @babel/types tracks JS/TS AST evolution; adding many new type/helper files across many semver versions is expected for this package.	ai	2026/04/21
source-diff	obfuscated-file:lib/index-legacy.d.ts	AI (source-diff): File is explicitly autogenerated TypeScript definitions (per header comment), not obfuscated code. Long lines are expected in generated type definitions.	ai	2026/04/21
provenance	missing-githead	AI (provenance): Large monorepo with established publisher; missing gitHead reflects CI/CD pipeline changes, not a supply chain compromise. Consistent with Babel's publish history.	ai	2026/04/21
publish-pattern	new-deps-added	AI (publish-pattern): New dependency is @babel/helper-validator-identifier, a sibling Babel package; legitimate refactoring.	ai	2026/04/21
maintainer-change	maintainer-added	AI (maintainer-change): jlhwung is an established Babel maintainer with strong track record; transition is legitimate.	ai	2026/04/21
bogus-package	bogus-package	AI (bogus-package): False positives for monorepo package; mass-production signal reflects Babel's structure, not spam.	ai	2026/04/21
provenance	publisher-changed	AI (provenance): Publisher change (jlhwung → nicolo-ribaudo) reflects legitimate Babel maintainer transition, not account compromise.	ai	2026/04/21
provenance	no-provenance	AI (provenance): @babel/types is a well-established core Babel package; lack of Sigstore provenance is not a risk signal here.	ai	2026/04/21
dependencies	unvetted-dep:to-fast-properties	AI (dependencies): to-fast-properties is a long-standing, benign dependency of @babel/types used across the Babel ecosystem; no security concern.	ai	2026/04/21

Versions (showing 100 of 139)

Show 4 prereleases

Version	Deps	Published
7.29.7	2 / 3	2026-05-25
7.29.0	2 / 3	2026-01-31
7.28.6	2 / 3	2026-01-12
7.28.5	2 / 3	2025-10-23
7.28.4	2 / 3	2025-09-05
7.28.2	2 / 3	2025-07-24
7.28.1	2 / 3	2025-07-12
7.28.0	2 / 3	2025-07-02
7.27.7	2 / 3	2025-06-26
7.27.6	2 / 3	2025-06-05
7.27.3	2 / 3	2025-05-27
7.27.1	2 / 3	2025-04-30
7.27.0	2 / 3	2025-03-24
7.26.10	2 / 3	2025-03-11
7.26.9	2 / 3	2025-02-14
7.26.8	2 / 3	2025-02-08
7.26.7	2 / 3	2025-01-24
7.26.5	2 / 3	2025-01-10
7.26.3	2 / 3	2024-12-04
7.26.0	2 / 3	2024-10-25
7.25.9	2 / 3	2024-10-22
7.25.8	3 / 3	2024-10-10
7.25.7	3 / 3	2024-10-02
7.25.6	3 / 3	2024-08-29
7.25.4	3 / 3	2024-08-22
7.25.2	3 / 3	2024-07-30
7.25.0	3 / 3	2024-07-26
7.24.9	3 / 3	2024-07-15
7.24.8	3 / 3	2024-07-11
7.24.7	3 / 3	2024-06-05
7.24.6	3 / 3	2024-05-24
7.24.5	3 / 3	2024-04-29
7.24.0	3 / 3	2024-02-28
7.23.9	3 / 3	2024-01-25
7.23.6	3 / 3	2023-12-11
7.23.5	3 / 3	2023-11-29
7.23.4	3 / 3	2023-11-20
7.23.3	3 / 3	2023-11-09
7.23.0	3 / 3	2023-09-25
7.22.19	3 / 3	2023-09-14
7.22.17	3 / 3	2023-09-08
7.22.15	3 / 3	2023-09-04
7.22.11	3 / 3	2023-08-24
7.22.10	3 / 3	2023-08-07
7.22.5	3 / 4	2023-06-08
7.22.4	3 / 4	2023-05-29
7.22.3	3 / 4	2023-05-27
7.22.0	3 / 4	2023-05-26
7.21.5	3 / 4	2023-04-28
7.21.4	3 / 4	2023-03-31
7.21.3	3 / 4	2023-03-14
7.21.2	3 / 4	2023-02-23
7.21.0	3 / 4	2023-02-20
7.20.7	3 / 4	2022-12-22
7.20.5	3 / 4	2022-11-28
7.20.2	3 / 4	2022-11-04
7.20.0	3 / 4	2022-10-27
7.19.4	3 / 4	2022-10-10
7.19.3	3 / 4	2022-09-27
7.19.0	3 / 4	2022-09-05
7.18.13	3 / 4	2022-08-22
7.18.10	3 / 4	2022-08-01
7.18.9	2 / 4	2022-07-18
7.18.8	2 / 4	2022-07-08
7.18.7	2 / 4	2022-06-28
7.18.6	2 / 4	2022-06-27
7.18.4	2 / 4	2022-05-29
7.18.2	2 / 4	2022-05-25
7.18.0	2 / 4	2022-05-19
7.17.12	2 / 4	2022-05-16
7.17.10	2 / 4	2022-04-29
7.17.0	2 / 4	2022-02-02
7.16.8	2 / 4	2022-01-10
7.16.7	2 / 4	2021-12-31
7.16.0	2 / 4	2021-10-29
7.15.6	2 / 4	2021-09-09
7.15.4	2 / 4	2021-09-02
7.15.0	2 / 4	2021-08-04
7.14.9	2 / 4	2021-08-01
7.14.8	2 / 3	2021-07-20
7.14.5	2 / 3	2021-06-09
7.14.4	2 / 3	2021-05-28
7.14.2	2 / 3	2021-05-12
7.14.1	2 / 3	2021-05-04
7.14.0	2 / 3	2021-04-29
7.13.17	2 / 3	2021-04-20
7.13.16	2 / 3	2021-04-20
7.13.14	3 / 4	2021-03-29
7.13.13	3 / 4	2021-03-26
7.13.12	3 / 4	2021-03-22
7.13.0	3 / 4	2021-02-22
7.12.17	3 / 4	2021-02-18
7.12.13	3 / 4	2021-02-03
7.12.12	3 / 4	2020-12-23
7.12.11	3 / 4	2020-12-15
7.12.10	3 / 3	2020-12-09
7.12.7	3 / 3	2020-11-20
7.12.6	3 / 3	2020-11-04
7.12.5	3 / 3	2020-11-03
7.12.1	3 / 3	2020-10-15

Showing 100 of 139 Next page →

v7.29.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.