@types/next
Stub TypeScript definitions entry for next, which provides its own types definitions
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@types/next-server | AI (dependencies): @types/next-server is a DefinitelyTyped type definitions package and a legitimate, expected dependency for @types/next. No security concern. | ai | |
| phantom-deps | phantom-dep:@types/next-server | AI (phantom-deps): @types/next-server is a sibling DefinitelyTyped package; phantom-dep pattern is expected for @types packages. | ai | |
| phantom-deps | phantom-dep:@types/node | AI (phantom-deps): @types/node is a standard transitive type dependency for DefinitelyTyped packages; not directly imported by convention. | ai | |
| phantom-deps | phantom-dep:@types/react | AI (phantom-deps): @types/react is a standard transitive type dependency for Next.js type definitions; not directly imported by convention. | ai | |
| phantom-deps | phantom-dep:@types/node-fetch | AI (phantom-deps): @types/node-fetch is a standard transitive type dependency for Next.js type definitions; not directly imported by convention. | ai | |
| typosquat | typosquat.levenshtein:nuxt | AI (typosquat): @types/next is the official DefinitelyTyped stub for Next.js, not a typosquat of nuxt. The name similarity is coincidental and this judgment is stable across all versions. | ai | |
| phantom-deps | phantom-dep:next | AI (phantom-deps): Stub type packages declare the target package as a dependency by design; no direct import is expected or needed. | ai | |
| typosquat | typosquat.levenshtein:jest | AI (typosquat): @types/next is the official DefinitelyTyped stub for Next.js; 2-edit distance from jest is purely coincidental. | ai | |
| typosquat | typosquat.levenshtein:knex | AI (typosquat): @types/next is the official DefinitelyTyped stub for Next.js; 2-edit distance from knex is purely coincidental. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Stub type definition packages intentionally have no code files, tiny payloads, and minimal READMEs — this is the expected structure for DefinitelyTyped stubs. | ai |
Versions (showing 46 of 46)
| Version | Deps | Published |
|---|---|---|
| 9.0.0 | 1 / 0 | |
| 8.0.7 | 4 / 0 | |
| 8.0.6 | 4 / 0 | |
| 8.0.5 | 4 / 0 | |
| 8.0.4 | 4 / 0 | |
| 8.0.3 | 4 / 0 | |
| 8.0.2 | 4 / 0 | |
| 8.0.1 | 4 / 0 | |
| 8.0.0 | 4 / 0 | |
| 7.0.9 | 4 / 0 | |
| 7.0.8 | 4 / 0 | |
| 7.0.7 | 4 / 0 | |
| 7.0.6 | 4 / 0 | |
| 7.0.5 | 4 / 0 | |
| 7.0.4 | 4 / 0 | |
| 7.0.3 | 4 / 0 | |
| 7.0.2 | 4 / 0 | |
| 7.0.1 | 4 / 0 | |
| 7.0.0 | 4 / 0 | |
| 6.1.8 | 3 / 0 | |
| 6.1.7 | 3 / 0 | |
| 6.1.6 | 3 / 0 | |
| 6.1.5 | 3 / 0 | |
| 6.1.4 | 3 / 0 | |
| 6.1.3 | 3 / 0 | |
| 6.1.2 | 3 / 0 | |
| 6.1.1 | 3 / 0 | |
| 6.1.0 | 3 / 0 | |
| 6.0.4 | 3 / 0 | |
| 6.0.3 | 3 / 0 | |
| 6.0.2 | 3 / 0 | |
| 6.0.1 | 3 / 0 | |
| 6.0.0 | 3 / 0 | |
| 2.4.12 | 2 / 0 | |
| 2.4.11 | 2 / 0 | |
| 2.4.10 | 2 / 0 | |
| 2.4.9 | 2 / 0 | |
| 2.4.8 | 2 / 0 | |
| 2.4.7 | 2 / 0 | |
| 2.4.6 | 2 / 0 | |
| 2.4.5 | 2 / 0 | |
| 2.4.4 | 2 / 0 | |
| 2.4.3 | 2 / 0 | |
| 2.4.2 | 2 / 0 | |
| 2.4.1 | 2 / 0 | |
| 2.4.0 | 2 / 0 |
v8.0.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.0.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.0.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.0.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.0.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.0.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.