@jest/core — Greenflagged

Delightful JavaScript Testing.

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

aaronabramovsimenbrickhanloniiopenjs-operationscpojer

Keywords

avababelcoverageeasyexpectfacebookimmersiveinstantjasminejestjsdommochamockingpainlessqunitrunnersandboxedsnapshottaptapetesttestingtypescriptwatch

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
publish-pattern	new-deps-added	AI (publish-pattern): jest-resolve is a first-party Jest package and slash is a well-known path utility; both are legitimate additions for this major version bump.	ai	2026/04/23
source-diff	large-new-source-files	AI (source-diff): Version jump from v24 to v25 naturally introduces many new source files; consistent with a major release of the Jest framework.	ai	2026/04/23
maintainer-change	maintainer-removed	AI (maintainer-change): Maintainer transition in major version is normal; simenb is established publisher with strong approval history.	ai	2026/04/23
provenance	publisher-changed	AI (provenance): Publisher change in 2019 reflects legitimate Jest project maintainer transition; stable for this package.	ai	2026/04/23
maintainer-change	maintainer-added	AI (maintainer-change): New maintainer addition is expected for active Jest project; scotthovestadt has strong track record.	ai	2026/04/23
dependencies	unvetted-dep:jest-runtime	AI (dependencies): First-party Jest monorepo package; always a dependency of @jest/core.	ai	2026/04/23
dependencies	unvetted-dep:jest-watcher	AI (dependencies): First-party Jest monorepo package; always a dependency of @jest/core.	ai	2026/04/23
dependencies	unvetted-dep:@jest/console	AI (dependencies): First-party Jest monorepo package; always a dependency of @jest/core.	ai	2026/04/23
dependencies	unvetted-dep:@jest/pattern	AI (dependencies): First-party Jest monorepo package; always a dependency of @jest/core.	ai	2026/04/23
dependencies	unvetted-dep:jest-snapshot	AI (dependencies): First-party Jest monorepo package; always a dependency of @jest/core.	ai	2026/04/23
dependencies	unvetted-dep:jest-validate	AI (dependencies): First-party Jest monorepo package; always a dependency of @jest/core.	ai	2026/04/23
dependencies	unvetted-dep:jest-haste-map	AI (dependencies): First-party Jest monorepo package; always a dependency of @jest/core.	ai	2026/04/23
dependencies	unvetted-dep:@jest/reporters	AI (dependencies): First-party Jest monorepo package; always a dependency of @jest/core.	ai	2026/04/23
dependencies	unvetted-dep:@jest/transform	AI (dependencies): First-party Jest monorepo package; always a dependency of @jest/core.	ai	2026/04/23
dependencies	unvetted-dep:jest-regex-util	AI (dependencies): First-party Jest monorepo package; always a dependency of @jest/core.	ai	2026/04/23
dependencies	unvetted-dep:@jest/test-result	AI (dependencies): First-party Jest monorepo package; always a dependency of @jest/core.	ai	2026/04/23
dependencies	unvetted-dep:jest-changed-files	AI (dependencies): First-party Jest monorepo package; always a dependency of @jest/core.	ai	2026/04/23
dependencies	unvetted-dep:jest-resolve-dependencies	AI (dependencies): First-party Jest monorepo package; always a dependency of @jest/core.	ai	2026/04/23
dependencies	unvetted-dep:exit-x	AI (dependencies): exit-x is a small utility used by Jest as a replacement for the deprecated 'exit' package; its use in @jest/core is expected and legitimate.	ai	2026/04/23
dependencies	unvetted-dep:ci-info	AI (dependencies): ci-info is a well-known, widely-used utility for detecting CI environments; its use in @jest/core is expected.	ai	2026/04/23
dependencies	unvetted-dep:@jest/types	AI (dependencies): First-party Jest monorepo package; always a dependency of @jest/core.	ai	2026/04/23
dependencies	unvetted-dep:jest-config	AI (dependencies): First-party Jest monorepo package; always a dependency of @jest/core.	ai	2026/04/23
dependencies	unvetted-dep:jest-runner	AI (dependencies): First-party Jest monorepo package; always a dependency of @jest/core.	ai	2026/04/23
dependencies	unvetted-dep:ansi-escapes	AI (dependencies): ansi-escapes is a standard terminal utility with no malware indicators; stable dependency for this package.	ai	2026/04/23
phantom-deps	phantom-dep:jest-haste-map	AI (phantom-deps): Jest internal dependency referenced in config; expected for Jest core package.	ai	2026/04/23
phantom-deps	phantom-dep:@types/node	AI (phantom-deps): Framework-scoped type definitions loaded by convention; expected for Jest core package.	ai	2026/04/23
provenance	no-provenance	AI (provenance): Provenance attestation is a best-practice recommendation, not a security blocker; acceptable for established packages.	ai	2026/04/23
bogus-package	bogus-package	AI (bogus-package): Inflated semver and short README are expected for a Jest monorepo package published at v30.x; not indicative of spam or malicious intent.	ai	2026/04/21
typosquat	typosquat.levenshtein:cors	AI (typosquat): @jest/core is the official Jest core package; Levenshtein proximity to 'cors' is a false positive for this well-known scoped package.	ai	2026/04/21

Versions (showing 51 of 115)

View all versions

Version	Deps	Published
30.4.2	28 / 3	2026-05-09
30.4.1	28 / 3	2026-05-08
30.4.0	27 / 3	2026-05-07
30.3.0	27 / 3	2026-03-10
30.2.0	28 / 4	2025-09-28
30.1.3	28 / 4	2025-09-02
30.1.2	28 / 4	2025-09-01
30.1.1	28 / 4	2025-08-27
30.1.0	28 / 4	2025-08-27
30.0.5	28 / 4	2025-07-22
30.0.4	28 / 4	2025-07-02
30.0.3	28 / 4	2025-06-25
30.0.2	28 / 4	2025-06-19
30.0.1	28 / 4	2025-06-18
30.0.0	28 / 4	2025-06-10
29.7.0	28 / 5	2023-09-12
29.6.4	28 / 5	2023-08-24
29.6.3	28 / 5	2023-08-21
29.6.2	28 / 5	2023-07-27
29.6.1	28 / 5	2023-07-06
29.6.0	28 / 5	2023-07-04
29.5.0	28 / 5	2023-03-06
29.4.3	28 / 5	2023-02-15
29.4.2	28 / 5	2023-02-07
29.4.1	28 / 5	2023-01-26
29.4.0	28 / 5	2023-01-24
29.3.1	28 / 5	2022-11-08
29.3.0	28 / 5	2022-11-07
29.2.2	28 / 5	2022-10-24
29.2.1	28 / 5	2022-10-18
29.2.0	28 / 5	2022-10-14
29.1.2	28 / 5	2022-09-30
29.1.1	28 / 5	2022-09-28
29.1.0	28 / 5	2022-09-28
29.0.3	28 / 5	2022-09-10
29.0.2	28 / 5	2022-09-03
29.0.1	28 / 5	2022-08-26
29.0.0	28 / 5	2022-08-25
28.1.3	29 / 6	2022-07-13
28.1.2	29 / 6	2022-06-29
28.1.1	29 / 6	2022-06-07
28.1.0	29 / 6	2022-05-06
28.0.3	29 / 6	2022-04-29
28.0.2	29 / 6	2022-04-27
28.0.1	29 / 6	2022-04-26
28.0.0	29 / 6	2022-04-25
27.5.1	28 / 6	2022-02-08
27.5.0	28 / 7	2022-02-05
27.4.7	28 / 7	2022-01-05
27.4.6	28 / 7	2022-01-04
27.4.5	28 / 7	2021-12-13

v30.4.2

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v30.4.1

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v30.4.0

2 findings

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: cpojer → simenb (on 2026-05-07) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2026-05-07. This could indicate a legitimate maintainer transition or an account compromise.

v30.3.0

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v30.2.0

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v30.1.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v30.1.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v30.1.1

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v30.1.0

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v30.0.5

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v30.0.4

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v30.0.3

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v30.0.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v30.0.1

2 findings

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: simenb → cpojer (on 2025-06-18) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2025-06-18. This could indicate a legitimate maintainer transition or an account compromise.

v30.0.0

2 findings

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: simenb → cpojer (on 2025-06-10) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2025-06-10. This could indicate a legitimate maintainer transition or an account compromise.

v29.7.0

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v29.6.4

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v29.6.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v29.6.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v29.6.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v29.6.0

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v29.5.0

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v29.4.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v29.4.2

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v29.4.1

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v29.4.0

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v29.3.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v29.3.0

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v29.2.2

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v29.2.1

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v29.2.0

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v29.1.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v29.1.1

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v29.1.0

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v29.0.3

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v29.0.2

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v29.0.1

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v29.0.0

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v28.1.3

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v28.1.2

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v28.1.1

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v28.1.0

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v28.0.3

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v28.0.2

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v28.0.1

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v28.0.0

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v27.5.1

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v27.5.0

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v27.4.7

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v27.4.6

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v27.4.5

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.