jest-snapshot — Greenflagged

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

aaronabramovsimenbrickhanloniiopenjs-operationscpojer

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
npm-metadata	suspicious-initial-version	AI (npm-metadata): jest-snapshot 0.0.0 is a namespace reservation by the official Jest maintainer (cpojer); the 0.0.0 version is a known placeholder pattern for this established package.	ai	2026/04/23
npm-metadata	no-description	AI (npm-metadata): Placeholder/stub release by trusted publisher; missing description is expected for a namespace reservation, not a malicious signal.	ai	2026/04/23
provenance	publisher-changed	AI (provenance): simenb (Simen Bekkhus) is a well-known Jest core maintainer; the cpojer→simenb transition is a documented, legitimate handoff within the Jest team, not a compromise.	ai	2026/04/23
publish-pattern	new-deps-added	AI (publish-pattern): Diff is against v19.0.2; 18 new deps reflect 10 major versions of legitimate Jest development. All added packages are standard, well-known ecosystem packages.	ai	2026/04/23
phantom-deps	phantom-dep:@types/babel__traverse	AI (phantom-deps): @types/babel__traverse is a TypeScript type package; phantom-dep finding is a stable false positive for this package.	ai	2026/04/23
phantom-deps	phantom-dep:@types/prettier	AI (phantom-deps): @types/prettier is a TypeScript type package used for type inference; not directly imported at runtime by convention. Stable false positive for this package.	ai	2026/04/23
maintainer-change	maintainer-removed	AI (maintainer-change): Removed maintainers are former Facebook employees; removal is consistent with the well-documented Jest governance transfer from Meta to the OpenJS Foundation.	ai	2026/04/23
maintainer-change	maintainer-added	AI (maintainer-change): New maintainers reflect the documented Jest transition to the OpenJS Foundation; aaronabramov, simenb, rickhanlonii are known Jest contributors and openjs-operations is the OpenJS Foundation npm account.	ai	2026/04/23
source-diff	source-size-tripled	AI (source-diff): Size increase from v19 to v30 reflects a major version with significant new Babel integration and snapshot utility features; not indicative of injected payload.	ai	2026/04/23
bogus-package	bogus-package	AI (bogus-package): jest-snapshot is an official Jest monorepo package; inflated semver, no description, and no keywords are expected characteristics of this package, not spam indicators.	ai	2026/04/21
phantom-deps	phantom-dep:@babel/types	AI (phantom-deps): @babel/types is a legitimate declared dependency used for Babel AST type definitions; phantom detection is a false positive for this Babel-integrated package.	ai	2026/04/21

Versions (showing 51 of 159)

View all versions

Version	Deps	Published
30.4.1	21 / 11	2026-05-08
30.4.0	21 / 11	2026-05-07
30.3.0	21 / 11	2026-03-10
30.2.0	21 / 11	2025-09-28
30.1.2	21 / 11	2025-09-01
30.1.1	21 / 11	2025-08-27
30.1.0	21 / 11	2025-08-27
30.0.5	21 / 11	2025-07-22
30.0.4	21 / 11	2025-07-02
30.0.3	21 / 11	2025-06-25
30.0.2	21 / 11	2025-06-19
30.0.1	21 / 11	2025-06-18
30.0.0	21 / 11	2025-06-10
29.7.0	20 / 13	2023-09-12
29.6.4	20 / 13	2023-08-24
29.6.3	20 / 13	2023-08-21
29.6.2	20 / 13	2023-07-27
29.6.1	21 / 12	2023-07-06
29.6.0	21 / 12	2023-07-04
29.5.0	23 / 12	2023-03-06
29.4.3	24 / 12	2023-02-15
29.4.2	24 / 12	2023-02-07
29.4.1	24 / 12	2023-01-26
29.4.0	24 / 12	2023-01-24
29.3.1	24 / 11	2022-11-08
29.3.0	24 / 11	2022-11-07
29.2.2	24 / 11	2022-10-24
29.2.1	24 / 11	2022-10-18
29.2.0	24 / 11	2022-10-14
29.1.2	24 / 11	2022-09-30
29.1.0	24 / 11	2022-09-28
29.0.3	24 / 11	2022-09-10
29.0.2	24 / 11	2022-09-03
29.0.1	24 / 11	2022-08-26
29.0.0	24 / 11	2022-08-25
28.1.3	23 / 11	2022-07-13
28.1.2	23 / 11	2022-06-29
28.1.1	23 / 11	2022-06-07
28.1.0	23 / 11	2022-05-06
28.0.3	23 / 9	2022-04-29
28.0.2	23 / 9	2022-04-27
28.0.1	23 / 9	2022-04-26
28.0.0	23 / 9	2022-04-25
27.5.1	22 / 9	2022-02-08
27.5.0	22 / 9	2022-02-05
27.4.6	22 / 9	2022-01-04
27.4.5	24 / 9	2021-12-13
27.4.4	24 / 9	2021-12-10
27.4.2	24 / 9	2021-11-30
27.4.1	24 / 9	2021-11-30
27.4.0	24 / 9	2021-11-29