jest-worker — Greenflagged

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

aaronabramovsimenbrickhanloniiopenjs-operationscpojer

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	source-size-tripled	AI (source-diff): jest-worker v25.0.0 is a major version release from the Facebook/Jest monorepo; size increase reflects legitimate feature expansion (thread/process worker support), not injected payload.	ai	2026/04/22
npm-metadata	suspicious-initial-version	AI (npm-metadata): jest-worker 0.0.0 is a name-reservation placeholder by the Jest core team (cpojer); the 0.0.0 version pattern is intentional and not indicative of malice.	ai	2026/04/22
bogus-package	bogus-package	AI (bogus-package): Placeholder version from a highly trusted publisher (cpojer/Jest team); sparse metadata is expected for a name-reservation stub, not a spam or malicious package.	ai	2026/04/22
dependencies	unvetted-dep:jest-util	AI (dependencies): jest-util is a core Jest monorepo package, a long-standing dependency of jest-worker; not a risk.	ai	2026/04/22
dependencies	unvetted-dep:merge-stream	AI (dependencies): merge-stream is a well-known, stable utility package that has been a dependency of jest-worker for many versions.	ai	2026/04/22
dependencies	unvetted-dep:@ungap/structured-clone	AI (dependencies): @ungap/structured-clone is a well-known polyfill package, a long-standing dependency of jest-worker; not a risk.	ai	2026/04/22
publish-pattern	new-deps-added	AI (publish-pattern): jest-util is a first-party Jest package pinned to the same version; @ungap/structured-clone is a well-known polyfill. Both are legitimate additions for v30.	ai	2026/04/22
provenance	publisher-changed	AI (provenance): cpojer is a founding Jest maintainer; publisher change reflects the Jest project's OpenJS Foundation transition, not a compromise.	ai	2026/04/22
maintainer-change	maintainer-added	AI (maintainer-change): New maintainers (cpojer, rickhanlonii, aaronabramov, openjs-operations) are known Jest core contributors consistent with OpenJS Foundation migration.	ai	2026/04/22
maintainer-change	maintainer-removed	AI (maintainer-change): Removed maintainers are former Facebook/Meta employees; removal is consistent with the documented Jest project transfer to OpenJS Foundation.	ai	2026/04/22
npm-metadata	no-description	AI (npm-metadata): jest-worker is a well-known monorepo package; missing description is a cosmetic issue, not a risk indicator.	ai	2026/04/21
provenance	no-provenance	AI (provenance): jest-worker is published from the official jestjs/jest monorepo by a long-standing trusted publisher; lack of Sigstore provenance is not a meaningful risk here.	ai	2026/04/21
phantom-deps	phantom-dep:@types/node	AI (phantom-deps): @types/node is intentionally listed as a runtime dep in Jest packages to expose Node types to consumers; not a security concern.	ai	2026/04/21

Versions (showing 51 of 92)

Show 7 prereleases View all versions

Version	Deps	Published
30.4.1	5 / 7	2026-05-08
30.4.0	5 / 7	2026-05-07
30.3.0	5 / 7	2026-03-10
30.2.0	5 / 7	2025-09-28
30.1.0	5 / 7	2025-08-27
30.0.5	5 / 7	2025-07-22
30.0.2	5 / 7	2025-06-19
30.0.1	5 / 7	2025-06-18
30.0.0	5 / 7	2025-06-10
29.7.0	4 / 8	2023-09-12
29.6.4	4 / 8	2023-08-24
29.6.3	4 / 8	2023-08-21
29.6.2	4 / 8	2023-07-27
29.6.1	4 / 8	2023-07-06
29.6.0	4 / 8	2023-07-04
29.5.0	4 / 8	2023-03-06
29.4.3	4 / 8	2023-02-15
29.4.2	4 / 8	2023-02-07
29.4.1	4 / 7	2023-01-26
29.4.0	4 / 7	2023-01-24
29.3.1	4 / 7	2022-11-08
29.3.0	4 / 7	2022-11-07
29.2.1	4 / 7	2022-10-18
29.2.0	4 / 7	2022-10-14
29.1.2	4 / 7	2022-09-30
29.1.0	3 / 7	2022-09-28
29.0.3	3 / 7	2022-09-10
29.0.2	3 / 7	2022-09-03
29.0.1	3 / 7	2022-08-26
29.0.0	3 / 7	2022-08-25
28.1.3	3 / 7	2022-07-13
28.1.1	3 / 7	2022-06-07
28.1.0	3 / 7	2022-05-06
28.0.2	3 / 7	2022-04-27
28.0.1	3 / 5	2022-04-26
28.0.0	3 / 5	2022-04-25
27.5.1	3 / 5	2022-02-08
27.5.0	3 / 5	2022-02-05
27.4.6	3 / 5	2022-01-04
27.4.5	3 / 5	2021-12-13
27.4.4	3 / 5	2021-12-10
27.4.2	3 / 5	2021-11-30
27.4.1	3 / 5	2021-11-30
27.4.0	3 / 5	2021-11-29
27.3.1	3 / 5	2021-10-19
27.3.0	3 / 5	2021-10-17
27.2.5	3 / 5	2021-10-08
27.2.4	3 / 5	2021-09-29
27.2.3	3 / 5	2021-09-28
27.2.2	3 / 5	2021-09-25
27.2.0	3 / 5	2021-09-13