jest-watcher — Greenflagged

Delightful JavaScript Testing.

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

aaronabramovsimenbrickhanloniiopenjs-operationscpojer

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
maintainer-change	maintainer-removed	AI (maintainer-change): mjesun removal is part of the known Jest maintainer team restructuring; replaced by multiple active Facebook/Jest contributors.	ai	2026/04/23
provenance	no-provenance	AI (provenance): Published in 2020 before Sigstore provenance was available on npm. Stable for historical versions of this package.	ai	2026/04/23
maintainer-change	maintainer-takeover	AI (maintainer-change): Legitimate transition from mjesun to the broader Jest/Facebook maintainer team (simenb, fb, rubennorte, etc.). Well-documented OSS project governance change.	ai	2026/04/23
provenance	publisher-changed	AI (provenance): Publisher change from mjesun to rubennorte reflects normal Jest team rotation at Facebook; both are known contributors.	ai	2026/04/23
maintainer-change	maintainer-added	AI (maintainer-change): New maintainers are known Facebook/Meta engineers on the Jest team; legitimate team changes.	ai	2026/04/23
publish-pattern	new-deps-added	AI (publish-pattern): jest-util is a sibling package in the facebook/jest monorepo; intra-monorepo dep addition is expected.	ai	2026/04/23
dependencies	unvetted-dep:string-length	AI (dependencies): string-length is a well-known benign utility used throughout the Jest ecosystem; no malicious signals and stable across versions.	ai	2026/04/23
dependencies	unvetted-dep:ansi-escapes	AI (dependencies): ansi-escapes is a well-known, widely used terminal utility library; its use in jest-watcher is expected and stable across versions.	ai	2026/04/23
phantom-deps	phantom-dep:@types/node	AI (phantom-deps): @types/node is intentionally declared as a runtime dep in Jest packages for TypeScript type resolution; not a real phantom dependency concern.	ai	2026/04/21

Versions (showing 51 of 91)

View all versions

Version	Deps	Published
30.4.1	8 / 0	2026-05-08
30.4.0	8 / 0	2026-05-07
30.3.0	8 / 0	2026-03-10
30.2.0	8 / 0	2025-09-28
30.1.3	8 / 0	2025-09-02
30.1.2	8 / 0	2025-09-01
30.1.1	8 / 0	2025-08-27
30.1.0	8 / 0	2025-08-27
30.0.5	8 / 0	2025-07-22
30.0.4	8 / 0	2025-07-02
30.0.2	8 / 0	2025-06-19
30.0.1	8 / 0	2025-06-18
30.0.0	8 / 0	2025-06-10
29.7.0	8 / 0	2023-09-12
29.6.4	8 / 0	2023-08-24
29.6.3	8 / 0	2023-08-21
29.6.2	8 / 0	2023-07-27
29.6.1	8 / 0	2023-07-06
29.6.0	8 / 0	2023-07-04
29.5.0	8 / 0	2023-03-06
29.4.3	8 / 0	2023-02-15
29.4.2	8 / 0	2023-02-07
29.4.1	8 / 0	2023-01-26
29.4.0	8 / 0	2023-01-24
29.3.1	8 / 0	2022-11-08
29.2.2	8 / 0	2022-10-24
29.2.1	8 / 0	2022-10-18
29.2.0	8 / 0	2022-10-14
29.1.2	8 / 0	2022-09-30
29.1.0	8 / 0	2022-09-28
29.0.3	8 / 0	2022-09-10
29.0.2	8 / 0	2022-09-03
29.0.1	8 / 0	2022-08-26
29.0.0	8 / 0	2022-08-25
28.1.3	8 / 0	2022-07-13
28.1.1	8 / 0	2022-06-07
28.1.0	8 / 0	2022-05-06
28.0.2	8 / 0	2022-04-27
28.0.1	8 / 0	2022-04-26
28.0.0	8 / 0	2022-04-25
27.5.1	7 / 0	2022-02-08
27.5.0	7 / 0	2022-02-05
27.4.6	7 / 0	2022-01-04
27.4.2	7 / 0	2021-11-30
27.4.1	7 / 0	2021-11-30
27.4.0	7 / 0	2021-11-29
27.3.1	7 / 0	2021-10-19
27.3.0	7 / 0	2021-10-17
27.2.5	7 / 0	2021-10-08
27.2.4	7 / 0	2021-09-29
27.2.3	7 / 0	2021-09-28