← Home

@types/node

npm Repository Homepage

TypeScript definitions for node

100
Versions
MIT
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

types

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
npm-metadata suspicious-initial-version AI (npm-metadata): @types/node uses 0.0.0 as a conventional stub version in the DefinitelyTyped ecosystem; this is a stable false positive for this package across all versions. ai
source-diff net-exec-file:node v24.12/repl.d.ts AI (source-diff): TypeScript declaration file (.d.ts) for Node.js repl module. Contains no executable code — only type signatures and JSDoc comments describing the REPL API. Stable false positive for @types/node. ai
source-diff net-exec-file:node v24.12/vm.d.ts AI (source-diff): TypeScript declaration file (.d.ts) for Node.js vm module. Contains no executable code — only type signatures and JSDoc comments describing the VM API. Stable false positive for @types/node. ai
source-diff net-exec-file:node v22.15/vm.d.ts AI (source-diff): TypeScript declaration file for Node.js vm module. The vm module inherently describes code execution APIs; .d.ts files contain no executable code. Stable false positive for @types/node. ai
source-diff net-exec-file:node v22.15/repl.d.ts AI (source-diff): TypeScript declaration file for Node.js repl module. References to eval/network are in JSDoc comments describing the module's API, not executable code. Stable false positive for @types/node. ai
source-diff net-exec-file:node v24.10/repl.d.ts AI (source-diff): repl.d.ts is a TypeScript declaration file describing Node.js REPL types. References to streams and eval in type signatures are not executable code; this is a stable false positive for @types/node. ai
source-diff net-exec-file:node v24.10/vm.d.ts AI (source-diff): vm.d.ts is a TypeScript declaration file describing Node.js VM module types. References to code execution in type signatures are not executable code; stable false positive for @types/node. ai
source-diff net-exec-file:node v24.11/vm.d.ts AI (source-diff): vm.d.ts is a TypeScript declaration file for Node's VM module. References to code execution are type signatures describing the API, not executable code. Stable false positive for @types/node. ai
source-diff net-exec-file:node v24.11/repl.d.ts AI (source-diff): repl.d.ts is a TypeScript declaration file for Node's REPL module. References to eval/network are type signatures, not executable code. Stable false positive for @types/node. ai
source-diff net-exec-file:node v16.11/vm.d.ts AI (source-diff): vm.d.ts is a TypeScript declaration file typing Node.js VM APIs. It contains no executable code; the 'exec' pattern is from type signatures for vm.runInContext and similar APIs. ai
source-diff net-exec-file:node v16.11/repl.d.ts AI (source-diff): repl.d.ts is a TypeScript declaration file typing Node.js REPL APIs. It contains no executable code; the 'network+exec' pattern is from type signatures for stream and eval interfaces. ai
source-diff net-exec-file:node v20.17/vm.d.ts AI (source-diff): TypeScript declaration file for Node.js vm module. Code execution references are type annotations describing the VM API, not actual executable code. Stable false positive for @types/node. ai
source-diff net-exec-file:node v20.17/repl.d.ts AI (source-diff): TypeScript declaration file for Node.js repl module. References to eval/streams in .d.ts files are type annotations, not executable code. Stable false positive for @types/node. ai
source-diff net-exec-file:node/ts4.8/repl.d.ts AI (source-diff): TypeScript declaration file for Node.js repl module; contains only type signatures describing eval-based APIs, not executable code. Pattern match is a false positive for .d.ts files. ai
source-diff net-exec-file:node/ts4.8/vm.d.ts AI (source-diff): TypeScript declaration file for Node.js vm module; contains only type signatures describing VM/code-execution APIs, not executable code. Pattern match is a false positive for .d.ts files. ai
source-diff net-exec-file:node v22.18/vm.d.ts AI (source-diff): vm.d.ts is a TypeScript declaration file typing Node.js's VM module. It contains no executable code; the rule fires on API descriptions of vm.runInContext/network in JSDoc comments and interface definitions. ai
source-diff net-exec-file:node v22.18/repl.d.ts AI (source-diff): repl.d.ts is a TypeScript declaration file typing Node.js's REPL module. It contains no executable code; the rule fires on API descriptions of eval/network in JSDoc comments and interface definitions. ai
source-diff net-exec-file:node v10/repl.d.ts AI (source-diff): TypeScript .d.ts declaration files cannot execute code. References to streams and eval() are type signatures for Node.js's repl module, not actual network/exec calls. This is a stable false positive for @types/node. ai
source-diff net-exec-file:node v12.19/repl.d.ts AI (source-diff): TypeScript .d.ts declaration files contain only type annotations, not executable code. References to stream types and eval in repl.d.ts describe Node.js API types, not actual network/exec operations. This is a stable false positive for @types/node. ai
source-diff net-exec-file:node v9/index.d.ts AI (source-diff): This is a TypeScript declaration file (.d.ts) with type definitions for Node.js networking and execution APIs. No actual runtime code — the rule fires on type signatures, not executable code. Stable false positive for @types/node. ai
source-diff net-exec-file:node v18.18/vm.d.ts AI (source-diff): vm.d.ts is a TypeScript declaration file for Node.js's VM module. Code execution references are type signatures describing the VM API, not executable code. Stable false positive for @types/node. ai
source-diff net-exec-file:node v18.18/repl.d.ts AI (source-diff): repl.d.ts is a TypeScript declaration file for Node.js's REPL module. References to eval/network types are type signatures, not executable code. Stable false positive for @types/node. ai
source-diff net-exec-file:node v16.18/repl.d.ts AI (source-diff): repl.d.ts is a TypeScript declaration file describing Node.js REPL types. References to eval/network in docs/interfaces are expected; no executable code present. ai
source-diff net-exec-file:node v16.18/vm.d.ts AI (source-diff): vm.d.ts is a TypeScript declaration file describing Node.js VM module types. Code execution references are in JSDoc/interface definitions, not executable code. ai
source-diff net-exec-file:node v18.16/repl.d.ts AI (source-diff): repl.d.ts is a TypeScript declaration file for Node's REPL module. References to eval/network are in type signatures and JSDoc, not executable code. Stable false positive for @types/node. ai
source-diff net-exec-file:node v18.16/vm.d.ts AI (source-diff): vm.d.ts is a TypeScript declaration file for Node's VM module. Code execution references are in type signatures describing the VM API, not executable code. Stable false positive for @types/node. ai
source-diff net-exec-file:node v22.16/repl.d.ts AI (source-diff): TypeScript declaration file (.d.ts) describing Node.js repl module. Contains no executable code — only type/interface declarations. Analyzer false-positive on module descriptions referencing streams and eval. ai
source-diff net-exec-file:node v22.16/vm.d.ts AI (source-diff): TypeScript declaration file (.d.ts) describing Node.js vm module. Contains no executable code — only type/interface declarations. Analyzer false-positive on type descriptions of code-execution APIs. ai
source-diff net-exec-file:node v18.17/vm.d.ts AI (source-diff): TypeScript declaration file documenting Node.js vm module APIs. Code execution references are type annotations describing the vm module, not actual executable code. Stable false positive for @types/node. ai
source-diff net-exec-file:node v18.17/repl.d.ts AI (source-diff): TypeScript declaration file documenting Node.js repl module APIs. References to eval/network are in JSDoc comments describing the module's behavior, not executable code. Stable false positive for @types/node. ai
source-diff net-exec-file:node v18.19/repl.d.ts AI (source-diff): TypeScript declaration file for Node.js repl module. References to eval/network are in JSDoc comments describing the API, not executable code. Stable false positive for @types/node. ai
source-diff net-exec-file:node v18.19/vm.d.ts AI (source-diff): TypeScript declaration file for Node.js vm module. References to code execution are type signatures for the vm API, not executable code. Stable false positive for @types/node. ai
source-diff net-exec-file:node v20.16/repl.d.ts AI (source-diff): This is a TypeScript declaration file describing Node.js repl/vm APIs. No executable code exists; the rule fires on type declarations for APIs that involve network/eval concepts. ai
source-diff net-exec-file:node v20.16/vm.d.ts AI (source-diff): This is a TypeScript declaration file for the Node.js vm module. No executable code; the rule fires because the declarations describe dynamic code execution APIs. ai
source-diff net-exec-file:node v22.19/repl.d.ts AI (source-diff): repl.d.ts is a TypeScript declaration file for Node.js's REPL module. References to eval/streams are type signatures, not executable code. Stable false positive for @types/node. ai
source-diff net-exec-file:node v22.19/vm.d.ts AI (source-diff): vm.d.ts is a TypeScript declaration file for Node.js's VM module. References to runInContext/network are type signatures only. Stable false positive for @types/node. ai
source-diff net-exec-file:node v13.13/repl.d.ts AI (source-diff): @types/node ships TypeScript declaration files (.d.ts) only. References to streams and eval in repl.d.ts are type signatures for Node.js built-ins, not executable code. This rule will always false-positive on this package. ai
source-diff net-exec-file:node/repl.d.ts AI (source-diff): TypeScript declaration file describing Node.js REPL API. Contains no executable code — the 'network + exec' pattern match is on type signatures for stream I/O and eval-based REPL, which is expected content for @types/node. ai
source-diff net-exec-file:node/vm.d.ts AI (source-diff): TypeScript declaration file describing Node.js vm module API. Contains no executable code — the pattern match fires on type signatures for V8 context/code execution APIs, which is expected content for @types/node. ai
source-diff net-exec-file:node v11.15/repl.d.ts AI (source-diff): @types/node repl.d.ts is a TypeScript declaration file for Node.js's REPL module. References to streams and eval are type signatures only, not executable code. This is a stable false positive for this package. ai
source-diff net-exec-file:node v10.17/repl.d.ts AI (source-diff): @types/node is a TypeScript declaration package; repl.d.ts contains only type annotations for the Node.js REPL API. References to streams and eval are type signatures, not executable code. ai
source-diff net-exec-file:node v14.18/repl.d.ts AI (source-diff): This is a TypeScript .d.ts declaration file for Node.js's repl module. References to network/eval APIs are type signatures only — no executable code exists. Stable false positive for this package. ai
source-diff net-exec-file:node v12.12/repl.d.ts AI (source-diff): TypeScript .d.ts declaration files cannot execute code. References to streams and eval in repl.d.ts are type annotations for Node.js's REPL API, not actual network or execution calls. ai
source-diff net-exec-file:node v20.19/vm.d.ts AI (source-diff): This is a TypeScript .d.ts declaration file for Node.js's vm module. Code execution references are type signatures for the vm API, not actual malicious code. ai
source-diff large-new-source-files AI (source-diff): New Node.js version branches (e.g. v24.x) naturally add many .d.ts files at once. This is expected behavior for @types/node across all versions. ai
publish-pattern new-deps-added AI (publish-pattern): undici-types is the official type package for Node.js's bundled undici HTTP client; its addition to @types/node v20 is expected and legitimate. ai
source-diff source-size-tripled AI (source-diff): Size increase reflects Node.js 8 → Node.js 20 API surface growth across 12 major versions; all new files are legitimate .d.ts type declarations. ai
source-diff net-exec-file:node v20.19/repl.d.ts AI (source-diff): This is a TypeScript .d.ts declaration file for Node.js's repl module. References to eval() and streams are type signatures describing the API, not executable malicious code. ai
email-domain unclaimed-email:http://typescriptlang.org AI (email-domain): The 'email' field is actually a URL (http://typescriptlang.org) placed in the author email slot — a malformed field, not a real unclaimed domain. typescriptlang.org is Microsoft's active TypeScript site; no hijack risk. ai
dependencies unvetted-dep:@types/events AI (dependencies): @types/events is a standard DefinitelyTyped dependency providing EventEmitter types; its use here is expected and benign across all versions of @types/node. ai
phantom-deps phantom-dep:@types/events AI (phantom-deps): @types/events is a legitimate type-only dependency for @types/node; phantom-dep fires because type packages are loaded by convention, not direct import. Stable false positive for this package. ai
typosquat typosquat.levenshtein:zod AI (typosquat): @types/node predates zod by years and is a vastly more popular package; no typosquat intent possible. Stable false positive. ai
provenance no-provenance AI (provenance): @types/node is a long-established, trusted DefinitelyTyped package. Lack of Sigstore provenance is not a concern here. ai

Versions (showing 100 of 2322)

Version Deps Published
25.9.1 1 / 0
25.9.0 1 / 0
25.8.0 1 / 0
25.7.0 1 / 0
25.6.2 1 / 0
25.6.1 1 / 0
25.6.0 1 / 0
25.5.2 1 / 0
25.5.1 1 / 0
25.5.0 1 / 0
25.4.0 1 / 0
25.3.5 1 / 0
25.3.4 1 / 0
25.3.3 1 / 0
25.3.2 1 / 0
25.3.1 1 / 0
25.3.0 1 / 0
25.2.3 1 / 0
25.2.2 1 / 0
25.2.1 1 / 0
25.2.0 1 / 0
25.1.0 1 / 0
25.0.10 1 / 0
25.0.9 1 / 0
25.0.8 1 / 0
25.0.7 1 / 0
25.0.6 1 / 0
25.0.5 1 / 0
25.0.4 1 / 0
25.0.3 1 / 0
25.0.2 1 / 0
25.0.1 1 / 0
25.0.0 1 / 0
24.12.4 1 / 0
24.12.3 1 / 0
24.12.2 1 / 0
24.12.1 1 / 0
24.12.0 1 / 0
24.11.2 1 / 0
24.11.1 1 / 0
24.11.0 1 / 0
24.10.15 1 / 0
24.10.14 1 / 0
24.10.13 1 / 0
24.10.12 1 / 0
24.10.11 1 / 0
24.10.10 1 / 0
24.10.9 1 / 0
24.10.8 1 / 0
24.10.7 1 / 0
24.10.6 1 / 0
24.10.5 1 / 0
24.10.4 1 / 0
24.10.3 1 / 0
24.10.2 1 / 0
24.10.1 1 / 0
24.10.0 1 / 0
24.9.2 1 / 0
24.9.1 1 / 0
24.9.0 1 / 0
24.8.1 1 / 0
24.8.0 1 / 0
24.7.2 1 / 0
24.7.1 1 / 0
24.7.0 1 / 0
24.6.2 1 / 0
24.6.1 1 / 0
24.6.0 1 / 0
24.5.2 1 / 0
24.5.1 1 / 0
24.5.0 1 / 0
24.4.0 1 / 0
24.3.3 1 / 0
24.3.2 1 / 0
24.3.1 1 / 0
24.3.0 1 / 0
24.2.1 1 / 0
24.2.0 1 / 0
24.1.0 1 / 0
24.0.15 1 / 0
24.0.14 1 / 0
24.0.13 1 / 0
24.0.12 1 / 0
24.0.11 1 / 0
24.0.10 1 / 0
24.0.9 1 / 0
24.0.8 1 / 0
24.0.7 1 / 0
24.0.6 1 / 0
24.0.5 1 / 0
24.0.4 1 / 0
24.0.3 1 / 0
24.0.2 1 / 0
24.0.1 1 / 0
24.0.0 1 / 0
22.19.19 1 / 0
22.19.18 1 / 0
22.19.17 1 / 0
22.19.16 1 / 0
22.19.15 1 / 0
Showing 100 of 2322 Next page →

v25.9.1

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v25.9.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v25.8.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v25.7.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v25.6.2

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v25.6.1

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v24.12.4

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v24.12.3

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v22.19.19

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v22.19.18

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.