google-closure-compiler-js
Check, compile, optimize and compress Javascript with Closure-Compiler using Java
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Both lharker and blickly are Google engineers on the Closure Compiler project; maintainer transitions within the same org are expected and not a risk signal for this package. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): child_process is used in build_compiler.js, a dev/build script invoked only during testing, not at install or runtime. Expected for a compiler toolchain package. | ai |
Versions (showing 51 of 63)
| Version | Deps | Published |
|---|---|---|
| 20200719.0.0 | 0 / 0 | |
| 20200628.0.0 | 0 / 0 | |
| 20200614.0.0 | 0 / 0 | |
| 20200517.0.0 | 0 / 0 | |
| 20200504.0.0 | 0 / 0 | |
| 20200426.0.0 | 0 / 0 | |
| 20200406.0.0 | 0 / 0 | |
| 20200315.0.0 | 0 / 0 | |
| 20200224.0.0 | 0 / 0 | |
| 20200204.0.0 | 0 / 0 | |
| 20200112.0.0 | 0 / 0 | |
| 20200101.0.0 | 0 / 0 | |
| 20191111.0.0 | 0 / 0 | |
| 20191027.0.0 | 0 / 0 | |
| 20190929.0.0 | 0 / 0 | |
| 20190909.0.0 | 0 / 0 | |
| 20190819.0.0 | 0 / 0 | |
| 20190729.0.0 | 0 / 0 | |
| 20190709.0.0 | 0 / 0 | |
| 20190618.0.0 | 0 / 0 | |
| 20190528.1.0 | 0 / 0 | |
| 20190528.0.0 | 0 / 0 | |
| 20190513.0.0 | 0 / 0 | |
| 20190415.0.0 | 0 / 0 | |
| 20190325.0.0 | 0 / 0 | |
| 20190301.0.0 | 0 / 0 | |
| 20190215.0.2 | 0 / 0 | |
| 20190215.0.1 | 0 / 0 | |
| 20190121.0.0 | 0 / 0 | |
| 20190106.0.0 | 0 / 0 | |
| 20181210.0.0 | 0 / 0 | |
| 20181205.0.0 | 0 / 0 | |
| 20181125.0.1 | 0 / 0 | |
| 20181028.0.0 | 0 / 0 | |
| 20181008.0.0 | 0 / 0 | |
| 20180610.0.0 | 3 / 3 | |
| 20180506.0.0 | 3 / 3 | |
| 20180402.0.0 | 3 / 3 | |
| 20180319.0.0 | 3 / 3 | |
| 20180204.0.0 | 3 / 3 | |
| 20180101.0.0 | 3 / 3 | |
| 20171203.0.0 | 3 / 3 | |
| 20170910.0.1 | 3 / 1 | |
| 20170910.0.0 | 3 / 1 | |
| 20170806.0.0 | 3 / 1 | |
| 20170626.0.0 | 3 / 1 | |
| 20170521.0.0 | 3 / 1 | |
| 20170423.0.0 | 3 / 1 | |
| 20170409.0.0 | 3 / 1 | |
| 20170218.0.0 | 3 / 1 | |
| 20170124.0.0 | 3 / 1 |
v20200719.0.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v20180610.0.0
2 findingsThis version was published by a different npm account than previous versions on 2018-06-13. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.