oxc-transform No license 66 versions

oxc-transform

npm Repository Homepage

66

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

boshen

Keywords

babeljavascriptjsxoxctransformtransformertsxtypescript

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
semgrep	semgrep:child-process-import	AI (semgrep): napi-rs standard pattern: child_process used only to run 'ldd --version' for musl detection when selecting native binary. Benign and stable across versions.	ai	2026/04/26
semgrep	semgrep:child-process-execsync	AI (semgrep): execSync('ldd --version') is a read-only musl detection call in napi-rs boilerplate. No user-controlled input; stable false positive for this package.	ai	2026/04/26
semgrep	semgrep:dynamic-require	AI (semgrep): require(process.env.NAPI_RS_NATIVE_LIBRARY_PATH) is a documented napi-rs escape hatch for native library path override. Standard pattern for all napi-rs packages.	ai	2026/04/26

Versions (showing 66 of 66)

Version	Deps	Published
0.133.0	0 / 6	2026-05-26
0.132.0	0 / 6	2026-05-18
0.131.0	0 / 6	2026-05-15
0.130.0	0 / 6	2026-05-11
0.129.0	0 / 6	2026-05-05
0.128.0	0 / 6	2026-04-27
0.127.0	0 / 4	2026-04-20
0.126.0	0 / 4	2026-04-16
0.125.0	0 / 4	2026-04-13
0.124.0	0 / 4	2026-04-07
0.123.0	0 / 4	2026-03-31
0.121.0	0 / 4	2026-03-19
0.120.0	0 / 4	2026-03-16
0.119.0	0 / 4	2026-03-14
0.118.0	0 / 4	2026-03-12
0.117.0	0 / 4	2026-03-09
0.116.0	0 / 4	2026-03-02
0.115.0	0 / 4	2026-02-23
0.114.0	0 / 4	2026-02-16
0.112.0	0 / 4	2026-02-02
0.111.0	0 / 4	2026-01-26
0.110.0	0 / 4	2026-01-19
0.109.0	0 / 4	2026-01-19
0.108.0	0 / 4	2026-01-12
0.107.0	0 / 4	2026-01-05
0.106.0	0 / 4	2025-12-29
0.105.0	0 / 4	2025-12-22
0.104.0	0 / 4	2025-12-19
0.103.0	0 / 3	2025-12-15
0.102.0	0 / 3	2025-12-08
0.101.0	0 / 3	2025-12-02
0.99.0	0 / 3	2025-11-24
0.98.0	0 / 3	2025-11-17
0.97.0	0 / 3	2025-11-11
0.96.0	0 / 3	2025-10-30
0.83.0	0 / 2	2025-08-30
0.82.3	0 / 2	2025-08-20
0.82.2	0 / 2	2025-08-17
0.82.1	0 / 2	2025-08-13
0.82.0	0 / 2	2025-08-12
0.81.0	0 / 2	2025-08-06
0.80.0	0 / 2	2025-08-03
0.79.1	0 / 2	2025-07-31
0.79.0	0 / 2	2025-07-30
0.78.0	0 / 2	2025-07-24
0.77.3	0 / 2	2025-07-20
0.77.2	0 / 2	2025-07-17
0.77.1	0 / 2	2025-07-16
0.77.0	0 / 2	2025-07-12
0.76.0	0 / 2	2025-07-08
0.75.1	0 / 2	2025-07-03
0.75.0	0 / 2	2025-06-25
0.74.0	0 / 2	2025-06-23
0.73.2	0 / 2	2025-06-18
0.73.1	0 / 2	2025-06-17
0.73.0	0 / 2	2025-06-13
0.72.3	0 / 2	2025-06-06
0.72.2	0 / 2	2025-05-31
0.72.1	0 / 2	2025-05-28
0.72.0	0 / 2	2025-05-24
0.71.0	0 / 2	2025-05-20
0.70.0	0 / 2	2025-05-15
0.69.0	0 / 1	2025-05-09
0.68.1	0 / 1	2025-05-04
0.68.0	0 / 1	2025-05-04
0.67.0	0 / 1	2025-04-27

v0.133.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.132.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.131.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.130.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.129.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.127.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.126.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.125.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.124.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.123.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.117.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.106.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.83.0

2 findings

HIGH Publisher changed: boshen → GitHub Actions (on 2025-08-30) provenance

This version was published by a different npm account than previous versions on 2025-08-30. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.82.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.82.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.82.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.82.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.81.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.80.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.79.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.79.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.78.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.77.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.77.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.77.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.77.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.76.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.75.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.75.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.74.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.73.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.73.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.73.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.72.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.72.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.72.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.72.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.71.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.70.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.69.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.68.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.68.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.67.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.