@jest/fake-timers — Greenflagged

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

aaronabramovsimenbrickhanloniiopenjs-operationscpojer

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
maintainer-change	maintainer-removed	AI (maintainer-change): Removal of jeanlauliac is consistent with documented Jest team evolution; no takeover indicators.	ai	2026/04/22
provenance	publisher-changed	AI (provenance): simenb is a well-known Jest core maintainer; publisher change reflects legitimate Jest team transition, not a compromise.	ai	2026/04/22
maintainer-change	maintainer-added	AI (maintainer-change): simenb and davidzilburg are documented Jest core contributors; additions reflect legitimate team changes.	ai	2026/04/22
publish-pattern	new-deps-added	AI (publish-pattern): New deps (@sinonjs/fake-timers, @types/node, jest-util) are well-established packages added as part of Jest 26's documented architectural changes.	ai	2026/04/22
npm-metadata	no-description	AI (npm-metadata): Monorepo package with documentation in main Jest repo; missing description is expected.	ai	2026/04/22
phantom-deps	phantom-dep:@jest/types	AI (phantom-deps): Framework-scoped Jest package loaded by convention; stable pattern for Jest monorepo packages.	ai	2026/04/22
phantom-deps	phantom-dep:@types/node	AI (phantom-deps): Type definitions loaded by convention; stable pattern for Jest monorepo packages.	ai	2026/04/22
bogus-package	bogus-package	AI (bogus-package): Jest monorepo sub-package; inflated semver tracks parent project version (Jest v30.x), no description is normal for monorepo packages. Not a spam/malicious indicator.	ai	2026/04/21
dependencies	unvetted-dep:@sinonjs/fake-timers	AI (dependencies): @sinonjs/fake-timers is the canonical fake timers library; a well-known, legitimate dependency that Jest has used for years.	ai	2026/04/21

Versions (showing 51 of 90)

View all versions

Version	Deps	Published
30.4.1	6 / 1	2026-05-08
30.4.0	6 / 1	2026-05-07
30.3.0	6 / 2	2026-03-10
30.2.0	6 / 2	2025-09-28
30.1.2	6 / 2	2025-09-01
30.1.1	6 / 2	2025-08-27
30.1.0	6 / 2	2025-08-27
30.0.5	6 / 2	2025-07-22
30.0.4	6 / 2	2025-07-02
30.0.2	6 / 2	2025-06-19
30.0.1	6 / 2	2025-06-18
30.0.0	6 / 2	2025-06-10
29.7.0	6 / 2	2023-09-12
29.6.4	6 / 2	2023-08-24
29.6.3	6 / 2	2023-08-21
29.6.2	6 / 2	2023-07-27
29.6.1	6 / 2	2023-07-06
29.6.0	6 / 2	2023-07-04
29.5.0	6 / 2	2023-03-06
29.4.3	6 / 2	2023-02-15
29.4.2	6 / 2	2023-02-07
29.4.1	6 / 2	2023-01-26
29.4.0	6 / 2	2023-01-24
29.3.1	6 / 2	2022-11-08
29.3.0	6 / 2	2022-11-07
29.2.2	6 / 2	2022-10-24
29.2.1	6 / 2	2022-10-18
29.2.0	6 / 2	2022-10-14
29.1.2	6 / 2	2022-09-30
29.1.1	6 / 2	2022-09-28
29.1.0	6 / 2	2022-09-28
29.0.3	6 / 2	2022-09-10
29.0.2	6 / 2	2022-09-03
29.0.1	6 / 2	2022-08-26
29.0.0	6 / 2	2022-08-25
28.1.3	6 / 2	2022-07-13
28.1.2	6 / 2	2022-06-29
28.1.1	6 / 2	2022-06-07
28.1.0	6 / 2	2022-05-06
28.0.2	6 / 2	2022-04-27
28.0.1	6 / 2	2022-04-26
28.0.0	6 / 2	2022-04-25
27.5.1	6 / 1	2022-02-08
27.5.0	6 / 2	2022-02-05
27.4.6	6 / 2	2022-01-04
27.4.2	6 / 2	2021-11-30
27.4.1	6 / 2	2021-11-30
27.4.0	6 / 2	2021-11-29
27.3.1	6 / 2	2021-10-19
27.3.0	6 / 2	2021-10-17
27.2.5	6 / 2	2021-10-08