@testing-library/jest-dom
Custom jest matchers to test the state of the DOM
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| npm-metadata | suspicious-initial-version | AI (npm-metadata): 0.0.0 is a build-pipeline placeholder for this well-established package (2480 days old, 82 versions, trusted publisher kentcdodds). Not indicative of malicious intent. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): eps1lon, mdjastrzebski, jdecroock are known testing-library ecosystem contributors; addition reflects routine org team management, not a takeover. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): @adobe/css-tools is a legitimate Adobe-maintained CSS parser replacing the removed 'css' package; a well-motivated dependency swap, not a supply-chain risk. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): Removed maintainers are part of a routine team rotation within the testing-library org; no hostile takeover indicators present. | ai | |
| dependencies | unvetted-dep:@types/testing-library__jest-dom | AI (dependencies): Type definitions for testing-library package; expected and stable for this package. | ai | |
| phantom-deps | phantom-dep:@types/testing-library__jest-dom | AI (phantom-deps): Framework-scoped type definitions are conventionally loaded; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:pretty-format | AI (phantom-deps): Phantom dependency is typical for testing libraries; pretty-format is used indirectly through jest dependencies. | ai | |
| dependencies | unvetted-dep:redent | AI (dependencies): redent is a minor transitive dependency for a utility library; acceptable risk for this package's context. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Established testing-library package; inflated-semver and README signals are false positives for a mature library with 82 prior versions. | ai |
Versions (showing 81 of 81)
| Version | Deps | Published |
|---|---|---|
| 6.9.1 | 6 / 14 | |
| 6.9.0 | 6 / 14 | |
| 6.8.0 | 6 / 14 | |
| 6.7.0 | 6 / 14 | |
| 6.6.4 | 7 / 14 | |
| 6.6.3 | 7 / 14 | |
| 6.6.2 | 7 / 14 | |
| 6.6.1 | 7 / 14 | |
| 6.6.0 | 7 / 14 | |
| 6.5.0 | 7 / 14 | |
| 6.4.8 | 8 / 14 | |
| 6.4.7 | 8 / 14 | |
| 6.4.6 | 8 / 14 | |
| 6.4.5 | 8 / 14 | |
| 6.4.4 | 8 / 14 | |
| 6.4.3 | 8 / 14 | |
| 6.4.2 | 8 / 14 | |
| 6.4.1 | 8 / 14 | |
| 6.4.0 | 8 / 14 | |
| 6.3.0 | 8 / 14 | |
| 6.2.1 | 8 / 14 | |
| 6.2.0 | 8 / 12 | |
| 6.1.6 | 8 / 12 | |
| 6.1.5 | 8 / 12 | |
| 6.1.4 | 8 / 12 | |
| 6.1.3 | 8 / 12 | |
| 6.1.2 | 8 / 12 | |
| 6.1.1 | 8 / 12 | |
| 6.1.0 | 8 / 12 | |
| 6.0.1 | 8 / 9 | |
| 6.0.0 | 8 / 9 | |
| 5.17.0 | 9 / 5 | |
| 5.16.5 | 9 / 5 | |
| 5.16.4 | 9 / 5 | |
| 5.16.3 | 9 / 5 | |
| 5.16.2 | 9 / 5 | |
| 5.16.1 | 9 / 5 | |
| 5.16.0 | 9 / 5 | |
| 5.15.1 | 9 / 5 | |
| 5.15.0 | 9 / 5 | |
| 5.14.1 | 9 / 5 | |
| 5.14.0 | 9 / 5 | |
| 5.13.0 | 8 / 5 | |
| 5.12.0 | 8 / 5 | |
| 5.11.10 | 8 / 5 | |
| 5.11.9 | 8 / 5 | |
| 5.11.8 | 8 / 5 | |
| 5.11.7 | 8 / 5 | |
| 5.11.6 | 8 / 5 | |
| 5.11.5 | 8 / 5 | |
| 5.11.4 | 8 / 5 | |
| 5.11.3 | 10 / 5 | |
| 5.11.2 | 10 / 5 | |
| 5.11.1 | 10 / 5 | |
| 5.11.0 | 10 / 5 | |
| 5.10.1 | 9 / 5 | |
| 5.10.0 | 9 / 5 | |
| 5.9.0 | 9 / 5 | |
| 5.8.0 | 9 / 5 | |
| 5.7.0 | 9 / 5 | |
| 5.6.0 | 9 / 5 | |
| 5.5.0 | 9 / 5 | |
| 5.4.0 | 9 / 5 | |
| 5.3.0 | 9 / 5 | |
| 5.2.0 | 9 / 5 | |
| 5.1.1 | 10 / 4 | |
| 5.1.0 | 10 / 4 | |
| 5.0.2 | 10 / 3 | |
| 5.0.1 | 10 / 3 | |
| 5.0.0 | 9 / 3 | |
| 4.2.4 | 9 / 3 | |
| 4.2.3 | 9 / 3 | |
| 4.2.2 | 9 / 3 | |
| 4.2.1 | 9 / 3 | |
| 4.2.0 | 9 / 3 | |
| 4.1.2 | 9 / 3 | |
| 4.1.1 | 9 / 3 | |
| 4.1.0 | 9 / 3 | |
| 4.0.1 | 9 / 3 | |
| 4.0.0 | 9 / 3 | |
| 0.0.0 | 9 / 3 |
v5.0.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.2.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.2.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.2.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.2.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.2.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.1.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.1.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.1.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.0.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.0.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.