@jest/types — Greenflagged

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

aaronabramovsimenbrickhanloniiopenjs-operationscpojer

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): simenb is a well-known Jest core contributor at Facebook/Meta; the publisher transition is a documented, legitimate team change, not a compromise.	ai	2026/04/22
maintainer-change	maintainer-added	AI (maintainer-change): simenb and davidzilburg are established Jest team members; addition reflects legitimate team evolution at Facebook/Meta.	ai	2026/04/22
maintainer-change	maintainer-removed	AI (maintainer-change): jeanlauliac's removal is consistent with documented Jest team changes; no evidence of hostile takeover.	ai	2026/04/22
publish-pattern	new-deps-added	AI (publish-pattern): chalk is a highly trusted, widely-used npm package; its addition to @jest/types poses no supply chain risk.	ai	2026/04/22
phantom-deps	phantom-dep:@types/node	AI (phantom-deps): @types/* packages are TypeScript type declarations consumed by the TS compiler, not runtime imports. Phantom-dep detection is a stable false positive for all @types/* deps in this package.	ai	2026/04/21
bogus-package	bogus-package	AI (bogus-package): Inflated semver is a false positive for Jest monorepo packages which use synchronized versioning. Missing description/keywords are cosmetic issues common in monorepo sub-packages.	ai	2026/04/21
phantom-deps	phantom-dep:@types/yargs	AI (phantom-deps): @types/yargs is a TypeScript type declaration package; not directly imported at runtime by design.	ai	2026/04/21
phantom-deps	phantom-dep:@types/istanbul-reports	AI (phantom-deps): @types/istanbul-reports is a TypeScript type declaration package; not directly imported at runtime by design.	ai	2026/04/21
phantom-deps	phantom-dep:@types/istanbul-lib-coverage	AI (phantom-deps): @types/istanbul-lib-coverage is a TypeScript type declaration package; not directly imported at runtime by design.	ai	2026/04/21

Versions (showing 51 of 69)

Show 4 prereleases View all versions

Version	Deps	Published
30.4.1	7 / 0	2026-05-08
30.4.0	7 / 0	2026-05-07
30.3.0	7 / 0	2026-03-10
30.2.0	7 / 0	2025-09-28
30.0.5	7 / 0	2025-07-22
30.0.1	7 / 0	2025-06-18
30.0.0	7 / 0	2025-06-10
29.6.3	6 / 2	2023-08-21
29.6.1	6 / 2	2023-07-06
29.6.0	6 / 2	2023-07-04
29.5.0	6 / 2	2023-03-06
29.4.3	6 / 2	2023-02-15
29.4.2	6 / 2	2023-02-07
29.4.1	6 / 2	2023-01-26
29.4.0	6 / 2	2023-01-24
29.3.1	6 / 2	2022-11-08
29.2.1	6 / 2	2022-10-18
29.2.0	6 / 2	2022-10-14
29.1.2	6 / 2	2022-09-30
29.1.0	6 / 2	2022-09-28
29.0.3	6 / 2	2022-09-10
29.0.2	6 / 2	2022-09-03
29.0.1	6 / 2	2022-08-26
29.0.0	6 / 2	2022-08-25
28.1.3	6 / 2	2022-07-13
28.1.1	6 / 2	2022-06-07
28.1.0	6 / 2	2022-05-06
28.0.2	6 / 2	2022-04-27
28.0.1	6 / 2	2022-04-26
28.0.0	6 / 2	2022-04-25
27.5.1	5 / 2	2022-02-08
27.5.0	5 / 2	2022-02-05
27.4.2	5 / 1	2021-11-30
27.4.1	5 / 1	2021-11-30
27.4.0	5 / 0	2021-11-29
27.2.5	5 / 0	2021-10-08
27.2.4	5 / 0	2021-09-29
27.2.3	5 / 0	2021-09-28
27.1.1	5 / 0	2021-09-08
27.1.0	5 / 0	2021-08-27
27.0.6	5 / 0	2021-06-28
27.0.2	5 / 0	2021-05-29
27.0.1	5 / 0	2021-05-25
26.6.2	5 / 0	2020-11-02
26.6.1	5 / 0	2020-10-23
26.6.0	5 / 0	2020-10-19
26.5.2	5 / 0	2020-10-06
26.5.0	5 / 0	2020-10-05
26.3.0	5 / 0	2020-08-10
26.2.0	5 / 0	2020-07-30
26.1.0	4 / 1	2020-06-23