fork-ts-checker-webpack-plugin

Runs typescript type checker and linter on separate process.

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

piotr-oles

Keywords

webpackplugintypescripttypecheckts-loaderwebpackforkfast

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:vue-parser	AI (dependencies): fork-ts-checker-webpack-plugin explicitly supports Vue single-file components; vue-parser is a legitimate and expected dependency for this functionality across all versions.	ai	2026/04/23
provenance	no-provenance	AI (provenance): Provenance attestation is a best-practice enhancement, not a security requirement. Absence does not indicate malicious intent for an established, auditable open-source package.	ai	2026/04/22
publish-pattern	new-deps-added	AI (publish-pattern): New dependencies (worker-rpc, @babel/code-frame) are established packages appropriate for TypeScript checker plugin.	ai	2026/04/22
phantom-deps	phantom-dep:minimatch	AI (phantom-deps): minimatch is a legitimate declared dependency used in config/indirect paths; stable false positive for this package.	ai	2026/04/22
dependencies	unvetted-dep:worker-rpc	AI (dependencies): worker-rpc is a small, focused RPC library appropriate for this plugin's worker-process architecture.	ai	2026/04/22
phantom-deps	phantom-dep:resolve	AI (phantom-deps): Declared dependency used in config; already marked accepted risk.	ai	2026/04/22
source-diff	large-new-source-files	AI (source-diff): 49 new files consistent with major version update to mature plugin; public repository is auditable.	ai	2026/04/22
maintainer-change	maintainer-removed	AI (maintainer-change): Normal maintainer transition in established project; current publisher is original author with clean history.	ai	2026/04/22
phantom-deps	phantom-dep:@types/json-schema	AI (phantom-deps): Framework-scoped type package, loaded by convention in TypeScript projects.	ai	2026/04/22
dependencies	unvetted-dep:lodash.startswith	AI (dependencies): Small, stable lodash utility function; appropriate for this package's use case.	ai	2026/04/22
dependencies	unvetted-dep:lodash.endswith	AI (dependencies): Small, stable lodash utility function; appropriate for this package's use case.	ai	2026/04/22
dependencies	unvetted-dep:memfs	AI (dependencies): memfs is a legitimate in-memory filesystem used for testing; no security risk for this package.	ai	2026/04/21
semgrep	semgrep:dynamic-require	AI (semgrep): Dynamic require(compiler) in VueProgram.js is a legitimate pattern for loading optional Vue compiler implementations with defensive try-catch.	ai	2026/04/21
dependencies	unvetted-dep:tapable	AI (dependencies): tapable is webpack's own hook/plugin system; its use is expected and appropriate for a webpack plugin.	ai	2026/04/21
semgrep	semgrep:child-process-import	AI (semgrep): child_process is core to fork-ts-checker's documented function of spawning separate TypeScript checker processes; stable for this package.	ai	2026/04/21
dependencies	unvetted-dep:node-abort-controller	AI (dependencies): node-abort-controller is a legitimate AbortController polyfill; appropriate for a webpack plugin managing worker processes.	ai	2026/04/21

Versions (showing 51 of 159)

View all versions

Version	Deps	Published
9.1.0	12 / 40	2025-04-03
9.0.3	12 / 40	2025-03-31
9.0.2	12 / 40	2023-10-29
9.0.1	12 / 40	2023-10-29
9.0.0	12 / 40	2023-10-04
8.0.0	12 / 40	2023-03-05
7.3.0	12 / 40	2023-01-10
7.2.14	12 / 40	2022-12-16
7.2.13	12 / 40	2022-07-18
7.2.12	11 / 40	2022-07-10
7.2.11	11 / 40	2022-05-01
7.2.10	11 / 40	2022-05-01
7.2.9	11 / 40	2022-04-30
7.2.8	11 / 40	2022-04-28
7.2.7	11 / 40	2022-04-23
7.2.6	11 / 40	2022-04-14
7.2.5	11 / 40	2022-04-13
7.2.4	11 / 40	2022-04-11
7.2.3	11 / 40	2022-04-04
7.2.2	11 / 40	2022-04-03
7.2.1	11 / 40	2022-02-12
7.2.0	11 / 40	2022-02-08
7.1.1	11 / 40	2022-02-06
7.1.0	11 / 40	2022-02-06
7.0.0	11 / 40	2022-01-29
6.5.3	13 / 41	2023-03-05
6.5.2	13 / 41	2022-04-26
6.5.1	13 / 41	2022-04-06
6.5.0	13 / 41	2021-11-29
6.4.2	13 / 41	2021-11-23
6.4.1	13 / 41	2021-11-23
6.4.0	13 / 41	2021-10-20
6.3.6	13 / 41	2021-10-20
6.3.5	13 / 41	2021-10-19
6.3.4	13 / 41	2021-10-06
6.3.3	13 / 41	2021-09-03
6.3.2	13 / 41	2021-08-08
6.3.1	13 / 41	2021-08-01
6.3.0	13 / 41	2021-08-01
6.2.13	13 / 41	2021-07-23
6.2.12	13 / 41	2021-06-19
6.2.11	13 / 41	2021-06-19
6.2.10	13 / 41	2021-05-18
6.2.9	13 / 41	2021-05-14
6.2.8	13 / 41	2021-05-13
6.2.7	13 / 41	2021-05-11
6.2.6	13 / 41	2021-05-03
6.2.5	12 / 41	2021-04-25
6.2.4	12 / 41	2021-04-21
6.2.3	12 / 41	2021-04-21
6.2.2	12 / 41	2021-04-21