@vxrn/compiler
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:react-native-css-interop | AI (dependencies): react-native-css-interop is a legitimate React Native CSS interop library; stable dependency for this package. | ai | |
| provenance | no-provenance | AI (provenance): Established publisher with long track record; no provenance is consistent across all versions of this package. | ai | |
| phantom-deps | phantom-dep:@babel/plugin-transform-private-methods | AI (phantom-deps): Babel plugins declared as deps and loaded by convention in compiler tooling; stable false positive for this package. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Monorepo sub-package; missing metadata is structural, not indicative of spam or malice. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Consistent across all versions of this monorepo package; not a malice signal. | ai | |
| phantom-deps | phantom-dep:babel-plugin-react-compiler | AI (phantom-deps): Babel plugin loaded by convention in compiler tooling, not directly imported. | ai | |
| phantom-deps | phantom-dep:@babel/plugin-transform-react-jsx | AI (phantom-deps): Framework-scoped babel plugin loaded by convention. | ai | |
| phantom-deps | phantom-dep:@babel/plugin-transform-regenerator | AI (phantom-deps): Framework-scoped babel plugin loaded by convention. | ai | |
| phantom-deps | phantom-dep:@react-native/babel-plugin-codegen | AI (phantom-deps): Platform-specific babel plugin loaded by convention. | ai | |
| phantom-deps | phantom-dep:@babel/plugin-transform-destructuring | AI (phantom-deps): Framework-scoped babel plugin loaded by convention. | ai |
Versions (showing 85 of 294)
| Version | Deps | Published |
|---|---|---|
| 1.2.18 | 12 / 3 | |
| 1.2.17 | 12 / 3 | |
| 1.2.16 | 12 / 3 | |
| 1.2.15 | 12 / 3 | |
| 1.2.14 | 12 / 3 | |
| 1.2.13 | 12 / 3 | |
| 1.2.12 | 12 / 3 | |
| 1.2.11 | 12 / 3 | |
| 1.2.10 | 12 / 3 | |
| 1.2.9 | 12 / 3 | |
| 1.2.8 | 12 / 3 | |
| 1.2.7 | 12 / 3 | |
| 1.2.6 | 12 / 3 | |
| 1.2.5 | 12 / 3 | |
| 1.2.4 | 12 / 3 | |
| 1.2.3 | 12 / 3 | |
| 1.2.2 | 12 / 3 | |
| 1.2.1 | 12 / 3 | |
| 1.2.0 | 12 / 3 | |
| 1.1.547 | 11 / 4 | |
| 1.1.546 | 12 / 4 | |
| 1.1.545 | 12 / 4 | |
| 1.1.544 | 12 / 4 | |
| 1.1.543 | 12 / 4 | |
| 1.1.542 | 12 / 4 | |
| 1.1.541 | 12 / 4 | |
| 1.1.540 | 12 / 4 | |
| 1.1.539 | 12 / 4 | |
| 1.1.538 | 12 / 4 | |
| 1.1.537 | 12 / 4 | |
| 1.1.536 | 12 / 4 | |
| 1.1.535 | 12 / 4 | |
| 1.1.534 | 12 / 4 | |
| 1.1.533 | 12 / 4 | |
| 1.1.532 | 12 / 4 | |
| 1.1.531 | 12 / 4 | |
| 1.1.530 | 12 / 4 | |
| 1.1.529 | 12 / 4 | |
| 1.1.528 | 12 / 4 | |
| 1.1.527 | 12 / 4 | |
| 1.1.526 | 12 / 4 | |
| 1.1.525 | 12 / 4 | |
| 1.1.524 | 12 / 4 | |
| 1.1.523 | 12 / 4 | |
| 1.1.522 | 12 / 4 | |
| 1.1.521 | 12 / 4 | |
| 1.1.520 | 12 / 4 | |
| 1.1.519 | 12 / 4 | |
| 1.1.518 | 12 / 4 | |
| 1.1.517 | 12 / 4 | |
| 1.1.516 | 12 / 4 | |
| 1.1.515 | 12 / 4 | |
| 1.1.514 | 12 / 4 | |
| 1.1.513 | 12 / 4 | |
| 1.1.512 | 12 / 4 | |
| 1.1.511 | 12 / 4 | |
| 1.1.510 | 12 / 4 | |
| 1.1.509 | 12 / 4 | |
| 1.1.508 | 12 / 4 | |
| 1.1.507 | 12 / 4 | |
| 1.1.506 | 12 / 4 | |
| 1.1.505 | 12 / 4 | |
| 1.1.504 | 12 / 4 | |
| 1.1.502 | 12 / 4 | |
| 1.1.501 | 12 / 4 | |
| 1.1.500 | 12 / 4 | |
| 1.1.499 | 12 / 4 | |
| 1.1.498 | 12 / 4 | |
| 1.1.497 | 12 / 4 | |
| 1.1.496 | 12 / 4 | |
| 1.1.495 | 12 / 4 | |
| 1.1.494 | 12 / 4 | |
| 1.1.493 | 12 / 4 | |
| 1.1.492 | 12 / 4 | |
| 1.1.491 | 12 / 4 | |
| 1.1.490 | 12 / 4 | |
| 1.1.489 | 12 / 4 | |
| 1.1.488 | 12 / 4 | |
| 1.1.487 | 12 / 4 | |
| 1.1.486 | 12 / 4 | |
| 1.1.485 | 12 / 4 | |
| 1.1.484 | 12 / 4 | |
| 1.1.483 | 12 / 4 | |
| 1.1.482 | 12 / 4 | |
| 1.1.481 | 12 / 4 |
v1.2.18
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.2.17
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.2.16
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.2.15
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.2.14
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.2.13
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.2.12
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.2.11
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.2.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.2.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.2.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.2.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.2.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.2.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.2.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.2.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.2.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.2.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.2.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.547
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.546
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.545
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.544
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.543
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.542
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.541
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.540
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.539
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.538
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.537
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.536
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.535
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.534
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.533
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.532
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.531
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.530
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.529
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.528
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.527
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.526
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.525
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.524
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.523
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.522
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.521
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.520
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.519
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.518
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.517
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.516
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.515
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.514
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.513
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.512
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.511
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.510
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.509
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.508
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.507
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.506
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.505
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.504
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.502
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.501
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.500
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.499
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.498
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.497
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.496
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.495
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.494
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.493
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.492
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.491
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.490
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.489
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.488
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.487
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.486
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.485
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.484
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.483
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.482
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.481
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.