← Home

hast-util-is-element

npm Repository Homepage

hast utility to check if a node is a (certain) element

13
Versions
MIT
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

wooormkmck

Keywords

unisthasthast-utilutilutilityhtmliselement

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
publish-pattern new-deps-added AI (publish-pattern): @types/hast and @types/unist are type-only packages in the unified ecosystem; no executable risk. ai
maintainer-change maintainer-removed AI (maintainer-change): wooorm is the original author; murderlon removal is a routine ownership consolidation. ai
source-diff source-size-tripled AI (source-diff): Size increase due to TypeScript migration adding type declarations; benign for this package. ai
phantom-deps phantom-dep:@types/unist AI (phantom-deps): Framework-scoped TypeScript types loaded by convention in utility libraries; stable pattern for this package. ai
publish-pattern dormant-publish AI (publish-pattern): wooorm's ecosystem packages regularly have long gaps between major version bumps; this v3 release aligns with a coordinated @types/hast v3 upgrade across the unified ecosystem. ai
dependencies unvetted-dep:@types/hast AI (dependencies): @types/hast is a well-known DefinitelyTyped package; its use as a runtime dep for type exports is a standard TypeScript pattern in this ecosystem. ai
phantom-deps phantom-dep:@types/hast AI (phantom-deps): @types/hast is a type-only dependency used for TypeScript type exports, not a direct runtime import. This pattern is standard for modern TypeScript ESM packages. ai

Versions (showing 13 of 13)

Version Deps Published
3.0.0 1 / 9
2.1.3 2 / 10
2.1.2 2 / 12
2.1.1 2 / 12
2.1.0 2 / 12
2.0.1 2 / 12
2.0.0 2 / 12
1.1.0 0 / 8
1.0.4 0 / 8
1.0.3 0 / 8
1.0.2 0 / 8
1.0.1 0 / 8
1.0.0 0 / 13

v3.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.