@types/parse5
Stub TypeScript definitions entry for parse5, which provides its own types definitions
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | dormant-publish | AI (publish-pattern): Dormancy followed by a stub-redirect publish is the normal lifecycle for @types packages when upstream bundles its own types. Not an account takeover signal for this publisher. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): Adding parse5 as a dependency is the entire purpose of this stub package — it redirects consumers to the upstream types. Stable pattern for @types stubs. | ai | |
| bogus-package | bogus-package | AI (bogus-package): All bogus-package signals (no README code, no repo, no keywords, tiny payload) are expected for a zero-code @types stub/redirect package. Not indicative of spam or malice. | ai | |
| phantom-deps | phantom-dep:parse5 | AI (phantom-deps): Zero-code stub package; parse5 is declared as a dependency for redirect purposes, not for direct import. Phantom-dep finding is a stable false positive here. | ai | |
| source-diff | source-size-dropped | AI (source-diff): 100% size drop is expected: prior version shipped real .d.ts files; this version is intentionally a zero-code stub because parse5 now bundles its own types. | ai |
Versions (showing 19 of 19)
| Version | Deps | Published |
|---|---|---|
| 7.0.0 | 1 / 0 | |
| 6.0.3 | 0 / 0 | |
| 6.0.2 | 0 / 0 | |
| 6.0.1 | 0 / 0 | |
| 6.0.0 | 0 / 0 | |
| 5.0.3 | 0 / 0 | |
| 5.0.2 | 0 / 0 | |
| 5.0.1 | 0 / 0 | |
| 5.0.0 | 0 / 0 | |
| 4.0.1 | 1 / 0 | |
| 4.0.0 | 1 / 0 | |
| 3.0.0 | 1 / 0 | |
| 2.2.34 | 1 / 0 | |
| 2.2.33 | 1 / 0 | |
| 2.2.32 | 1 / 0 | |
| 0.0.31 | 1 / 0 | |
| 0.0.30 | 1 / 0 | |
| 0.0.29 | 1 / 0 | |
| 0.0.27 | 1 / 0 |
v7.0.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.0.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.0.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.0.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.0.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.