@types/express — Greenflagged

TypeScript definitions for Express

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

types

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
email-domain	unclaimed-email:https://github.com/borisyankov/	AI (email-domain): The 'email' field contains a GitHub profile URL, not an actual email address. This is a metadata quirk in an old package; no real domain hijacking risk exists as github.com is not unclaimed.	ai	2026/04/22
publish-pattern	new-deps-added	AI (publish-pattern): @types/express routinely adds @types/* deps as Express's type surface evolves; @types/qs is a legitimate DefinitelyTyped package for Express's query string parsing dependency.	ai	2026/04/22
phantom-deps	phantom-dep:@types/body-parser	AI (phantom-deps): @types/* packages declare type dependencies that are referenced in .d.ts files, not via runtime imports. Phantom-dep findings are expected and benign for all DefinitelyTyped packages.	ai	2026/04/21
phantom-deps	phantom-dep:@types/serve-static	AI (phantom-deps): @types/* packages declare type dependencies that are referenced in .d.ts files, not via runtime imports. Phantom-dep findings are expected and benign for all DefinitelyTyped packages.	ai	2026/04/21
phantom-deps	phantom-dep:@types/express-serve-static-core	AI (phantom-deps): @types/* packages declare type dependencies that are referenced in .d.ts files, not via runtime imports. Phantom-dep findings are expected and benign for all DefinitelyTyped packages.	ai	2026/04/21
dependencies	unvetted-dep:@types/qs	AI (dependencies): @types/qs is a standard DefinitelyTyped package for the qs library, a legitimate and expected type dependency for @types/express.	ai	2026/04/21
provenance	no-provenance	AI (provenance): Package predates widespread provenance adoption; published by the trusted DefinitelyTyped/types publisher with a long clean track record.	ai	2026/04/21
phantom-deps	phantom-dep:@types/qs	AI (phantom-deps): @types/* packages declare type dependencies that are referenced in .d.ts files, not via runtime imports. Phantom-dep findings are expected and benign for all DefinitelyTyped packages.	ai	2026/04/21

Versions (showing 47 of 47)

Version	Deps	Published
5.0.6	3 / 0	2025-12-01
5.0.5	3 / 0	2025-10-27
5.0.4	3 / 0	2025-10-24
5.0.3	3 / 0	2025-06-07
5.0.2	3 / 0	2025-05-16
5.0.1	3 / 0	2025-03-19
5.0.0	4 / 0	2024-09-25
4.17.25	4 / 0	2025-10-27
4.17.24	4 / 0	2025-10-24
4.17.23	4 / 0	2025-06-07
4.17.22	4 / 0	2025-05-16
4.17.21	4 / 0	2023-11-07
4.17.20	4 / 0	2023-10-18
4.17.19	4 / 0	2023-10-10
4.17.18	4 / 0	2023-09-23
4.17.17	4 / 0	2023-02-03
4.17.16	4 / 0	2023-01-23
4.17.15	4 / 0	2022-12-13
4.17.14	4 / 0	2022-09-13
4.17.13	4 / 0	2021-07-06
4.17.12	4 / 0	2021-05-25
4.17.11	4 / 0	2021-01-12
4.17.10	4 / 0	2021-01-11
4.17.9	4 / 0	2020-11-11
4.17.8	4 / 0	2020-09-01
4.17.7	4 / 0	2020-07-06
4.17.6	4 / 0	2020-04-09
4.17.5	4 / 0	2020-04-08
4.17.4	4 / 0	2020-03-31
4.17.3	3 / 0	2020-03-03
4.17.2	3 / 0	2019-11-01
4.17.1	3 / 0	2019-08-19
4.17.0	3 / 0	2019-06-04
4.16.1	3 / 0	2019-01-22
4.16.0	3 / 0	2018-06-05
4.11.1	3 / 0	2018-02-01
4.11.0	3 / 0	2017-12-20
4.0.39	3 / 0	2017-10-26
4.0.38	3 / 0	2017-10-25
4.0.37	2 / 0	2017-08-21
4.0.36	2 / 0	2017-06-15
4.0.35	2 / 0	2017-01-18
4.0.34	2 / 0	2016-11-15
4.0.33	2 / 0	2016-09-19
4.0.32	2 / 0	2016-08-25
4.0.31	2 / 0	2016-08-19
4.0.29	2 / 0	2016-07-14