@jsonjoy.com/codegen Apache-2.0 33 versions

@jsonjoy.com/codegen

npm Repository Homepage

No-dependencies, low-level, high-performance JIT code generation package for JavaScript

33

Versions

Apache-2.0

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

json-joy-teamstreamich

Keywords

jitcodegencode generationdynamicperformancejavascriptcompilerfunctionoptimization

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
semgrep	semgrep:eval-usage	AI (semgrep): This package is a JIT code generation library; eval() is its core documented functionality. The usage is intentional and expected for all versions of this package.	ai	2026/04/21

Versions (showing 33 of 33)

Version	Deps	Published
18.24.0	0 / 0	2026-05-15
18.23.0	0 / 0	2026-05-14
18.22.0	0 / 0	2026-05-14
18.21.0	0 / 0	2026-05-10
18.20.0	0 / 0	2026-05-09
18.19.0	0 / 0	2026-05-07
18.18.0	0 / 0	2026-05-07
18.17.0	0 / 0	2026-05-07
18.16.0	0 / 0	2026-05-06
18.15.0	0 / 0	2026-04-18
18.14.0	0 / 0	2026-04-16
18.13.0	0 / 0	2026-04-15
18.12.0	0 / 0	2026-04-12
18.11.0	0 / 0	2026-04-11
18.10.0	0 / 0	2026-04-11
18.9.0	0 / 0	2026-04-08
18.8.0	0 / 0	2026-04-07
18.7.0	0 / 0	2026-04-05
18.6.0	0 / 0	2026-04-04
18.5.0	0 / 0	2026-04-02
18.1.0	0 / 0	2026-03-21
18.0.0	0 / 0	2026-02-22
17.67.0	0 / 0	2026-02-06
17.65.0	0 / 0	2025-11-30
17.64.0	0 / 0	2025-11-30
17.63.0	0 / 0	2025-10-28
17.62.0	0 / 0	2025-10-28
17.61.1	0 / 0	2025-10-21
17.61.0	0 / 0	2025-10-20
17.60.0	0 / 0	2025-10-19
17.59.0	0 / 0	2025-10-18
17.58.0	0 / 0	2025-10-18
1.0.0	0 / 15	2025-08-01

v18.24.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v18.23.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v18.22.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v18.21.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v18.20.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v18.19.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v18.18.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v18.17.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v18.16.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v18.14.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v18.13.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v18.12.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v18.11.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v18.10.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v18.9.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v18.8.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v18.7.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v18.6.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v18.5.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v18.1.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v18.0.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v17.67.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v17.65.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v17.64.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v17.63.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v17.62.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v17.61.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v17.61.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v17.60.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v17.59.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v17.58.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.