@stencil/core — Greenflagged

A Compiler for Web Components and Progressive Web Apps

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

ionicjsgm-osvmfognbmjohnny.jenkinsstencil-bot

Keywords

web componentscomponentsstencilionicwebappcustom elementspwaprogressive web app

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
semgrep	semgrep:new-function-constructor	AI (semgrep): Used as a documented Chromium bug workaround for dynamic imports with a hardcoded template string — not user-controlled input. Stable pattern in Stencil's browser runtime.	ai	2026/04/24
typosquat	typosquat.levenshtein:cors	AI (typosquat): @stencil/core is a long-established, scoped Ionic package; Levenshtein match against 'cors' is a false positive that will never be a real risk for this package.	ai	2026/04/24
semgrep	semgrep:child-process-spawn	AI (semgrep): Spawning child processes is expected for a dev-server/build tool; used for compiler worker and cross-spawn bundled dependency.	ai	2026/04/23
semgrep	semgrep:dynamic-require	AI (semgrep): Dynamic require loads the Stencil compiler from a computed but controlled path (devServerDir/../compiler/stencil.js) — standard plugin loading pattern.	ai	2026/04/23
semgrep	semgrep:env-spread	AI (semgrep): Dev-server bundles npm-run-path/cross-spawn which spread process.env to pass env to child processes — standard build tool behavior.	ai	2026/04/23
semgrep	semgrep:api-obfuscation-reflect	AI (semgrep): Reflect.get() usage is in bundled node-fetch dependency — standard minified third-party code, not obfuscation.	ai	2026/04/23
semgrep	semgrep:env-bulk-read	AI (semgrep): Env enumeration is in bundled third-party code (debug library) within sys/node/index.js — not malicious.	ai	2026/04/23
semgrep	semgrep:child-process-import	AI (semgrep): Stencil dev-server legitimately uses child_process to spawn compiler worker processes — core build tool functionality.	ai	2026/04/23

Versions (showing 51 of 382)

Show 146 prereleases View all versions

Version	Deps	Published
4.43.5	0 / 70	2026-05-28
4.43.4	0 / 70	2026-04-13
4.43.3	0 / 70	2026-03-19
4.43.2	0 / 70	2026-02-27
4.43.1	0 / 70	2026-02-20
4.43.0	0 / 70	2026-02-13
4.42.1	0 / 70	2026-02-06
4.42.0	0 / 70	2026-02-01
4.41.3	0 / 70	2026-01-23
4.41.2	0 / 70	2026-01-16
4.41.1	0 / 70	2026-01-08
4.41.0	0 / 70	2026-01-02
4.40.1	0 / 70	2025-12-23
4.40.0	0 / 70	2025-12-23
4.39.0	0 / 70	2025-12-09
4.38.3	0 / 67	2025-11-05
4.38.2	0 / 67	2025-10-17
4.38.1	0 / 67	2025-10-10
4.38.0	0 / 67	2025-10-02
4.37.1	0 / 67	2025-09-19
4.37.0	0 / 67	2025-09-13
4.36.3	0 / 67	2025-08-20
4.36.2	0 / 67	2025-07-28
4.36.1	0 / 67	2025-07-18
4.36.0	0 / 67	2025-07-15
4.35.3	0 / 67	2025-07-02
4.35.2	0 / 67	2025-07-02
4.35.1	0 / 67	2025-06-17
4.35.0	0 / 67	2025-06-13
4.34.0	0 / 67	2025-06-11
4.33.1	0 / 67	2025-06-03
4.33.0	0 / 67	2025-06-03
4.32.0	0 / 67	2025-05-28
4.31.0	0 / 67	2025-05-06
4.30.0	0 / 67	2025-04-24
4.29.3	0 / 67	2025-04-14
4.29.2	0 / 67	2025-04-07
4.29.1	0 / 67	2025-04-05
4.29.0	0 / 67	2025-04-03
4.28.2	0 / 67	2025-03-13
4.28.1	0 / 67	2025-03-13
4.28.0	0 / 67	2025-03-12
4.27.2	0 / 66	2025-03-03
4.27.1	0 / 66	2025-02-25
4.27.0	0 / 66	2025-02-22
4.26.0	0 / 66	2025-02-11
4.25.3	0 / 66	2025-02-05
4.25.2	0 / 66	2025-02-04
4.25.1	0 / 66	2025-01-25
4.25.0	0 / 66	2025-01-23
4.24.0	0 / 66	2025-01-17