recast MIT 100 versions

recast

npm Repository Homepage

JavaScript syntax tree transformer, nondestructive pretty-printer, and automatic source map generator

100

Versions

MIT

License

Install Scripts

Missing

Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

eventualbuddhabenjamn

Keywords

astrewritingrefactoringcodegensyntaxtransformationparsingpretty-printing

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Publisher change from benjamn to eventualbuddha occurred in 2019 and is a historical legitimate maintainer transition; eventualbuddha has 101 approved packages and 0 rejections.	ai	2026/04/22
dependencies	unvetted-dep:cls	AI (dependencies): cls (continuation-local storage) is a legitimate utility package; its use in recast for async context tracking is plausible and no malicious signals are present.	ai	2026/04/22
source-diff	source-size-tripled	AI (source-diff): Size increase is entirely explained by the addition of the 268KB jQuery test fixture, a legitimate test data file for an AST transformation library.	ai	2026/04/22
npm-metadata	url-dep:esprima	AI (npm-metadata): benjamn (recast's author) maintains the esprima fork; same publisher controls both repos. URL dep is a known pattern for this package's early versions.	ai	2026/04/22
phantom-deps	phantom-dep:whiskey	AI (phantom-deps): Whiskey is an optionalDependency used only as a test runner in package.json scripts, not imported in source. Phantom-dep finding is a false positive for this usage pattern.	ai	2026/04/22
source-diff	net-exec-file:test/data/jquery-1.9.1.js	AI (source-diff): This is the canonical jQuery 1.9.1 library added as a test fixture for recast's AST transformer. Network/exec patterns are jQuery's own internals, not malware.	ai	2026/04/22
publish-pattern	new-deps-added	AI (publish-pattern): esprima, tiny-invariant, and tslib are all well-known, legitimate packages. Their addition reflects a major version upgrade (0.10→0.23) with TypeScript migration, not an attack vector.	ai	2026/04/22
dependencies	unvetted-dep:esprima-fb	AI (dependencies): esprima-fb is Facebook's harmony/JSX fork of esprima, a known and legitimate dependency for recast's AST parsing in the v0.10.x era. Not a suspicious package.	ai	2026/04/22
provenance	no-provenance	AI (provenance): recast is a long-established package (4960 days old) published before Sigstore provenance was standard; absence of attestation is expected and not a risk signal here.	ai	2026/04/22
typosquat	typosquat.levenshtein:react	AI (typosquat): recast is a long-established, well-known AST tool with no intent to impersonate react. Name similarity is coincidental.	ai	2026/04/21

Versions (showing 100 of 186)

Version	Deps	Published
0.23.11	5 / 17	2025-03-03
0.23.10	5 / 17	2025-02-26
0.23.9	5 / 17	2024-06-01
0.23.8	5 / 17	2024-05-31
0.23.7	5 / 17	2024-05-11
0.23.6	5 / 17	2024-03-09
0.23.5	5 / 17	2024-03-01
0.23.4	5 / 17	2023-08-11
0.23.3	5 / 17	2023-07-11
0.23.2	5 / 17	2023-05-12
0.23.1	5 / 17	2022-12-14
0.23.0	5 / 17	2022-12-11
0.22.0	5 / 17	2022-12-09
0.21.2	4 / 17	2022-08-03
0.21.0	4 / 18	2021-12-02
0.20.5	4 / 18	2021-07-22
0.20.4	4 / 18	2020-10-12
0.20.3	5 / 18	2020-08-30
0.20.2	4 / 18	2020-08-24
0.20.1	4 / 18	2020-08-24
0.20.0	4 / 19	2020-08-23
0.19.1	4 / 15	2020-05-02
0.19.0	4 / 15	2020-04-05
0.18.10	4 / 15	2020-04-05
0.18.9	4 / 15	2020-04-05
0.18.8	4 / 15	2020-03-27
0.18.7	4 / 15	2020-02-22
0.18.5	4 / 15	2019-10-16
0.18.4	4 / 15	2019-10-16
0.18.3	4 / 15	2019-10-05
0.18.2	4 / 15	2019-08-11
0.18.1	4 / 15	2019-05-15
0.18.0	4 / 15	2019-05-13
0.17.6	4 / 16	2019-04-29
0.17.5	4 / 16	2019-03-28
0.17.4	4 / 16	2019-03-19
0.17.3	4 / 16	2019-02-07
0.17.2	4 / 16	2019-01-12
0.17.1	4 / 16	2019-01-10
0.17.0	4 / 16	2019-01-09
0.16.2	4 / 8	2019-01-09
0.16.1	4 / 8	2018-11-18
0.16.0	4 / 8	2018-10-13
0.15.5	4 / 8	2018-09-11
0.15.4	4 / 8	2018-09-10
0.15.3	4 / 8	2018-07-25
0.15.2	4 / 8	2018-07-05
0.15.1	4 / 8	2018-07-04
0.15.0	4 / 8	2018-05-31
0.14.7	4 / 9	2018-03-23
0.14.6	4 / 9	2018-03-22
0.14.5	4 / 9	2018-03-09
0.14.4	4 / 9	2018-02-24
0.14.3	4 / 9	2018-02-24
0.14.2	4 / 9	2018-02-22
0.14.1	4 / 9	2018-02-20
0.14.0	4 / 9	2018-02-19
0.13.2	4 / 8	2018-02-18
0.13.1	4 / 8	2018-02-11
0.13.0	4 / 8	2017-11-22
0.12.9	5 / 8	2017-11-11
0.12.8	5 / 8	2017-10-30
0.12.7	5 / 8	2017-10-10
0.12.6	5 / 7	2017-06-27
0.12.5	5 / 7	2017-06-07
0.12.4	5 / 7	2017-06-01
0.12.3	5 / 7	2017-04-05
0.12.2	5 / 6	2017-03-20
0.12.1	5 / 6	2017-03-19
0.12.0	5 / 6	2017-03-12
0.11.23	4 / 3	2017-03-12
0.11.22	4 / 3	2017-02-16
0.11.21	4 / 3	2017-02-06
0.11.20	4 / 3	2017-01-18
0.11.19	4 / 3	2017-01-18
0.11.18	4 / 3	2016-11-28
0.11.17	4 / 3	2016-11-08
0.11.16	4 / 3	2016-11-04
0.11.15	4 / 3	2016-10-28
0.11.14	4 / 3	2016-09-12
0.11.13	4 / 3	2016-09-09
0.11.12	4 / 3	2016-08-15
0.11.11	4 / 3	2016-08-05
0.11.10	4 / 3	2016-06-27
0.11.9	4 / 3	2016-06-27
0.11.8	4 / 3	2016-06-16
0.11.7	4 / 3	2016-06-13
0.11.6	4 / 3	2016-05-30
0.11.5	4 / 3	2016-04-14
0.11.4	4 / 3	2016-04-06
0.11.3	4 / 3	2016-03-09
0.11.2	4 / 3	2016-02-20
0.11.1	4 / 3	2016-02-19
0.11.0	4 / 3	2016-01-14
0.8.1	5 / 1	2014-10-31
0.7.4	5 / 1	2014-10-07
0.7.2	5 / 1	2014-09-11
0.7.0	5 / 1	2014-08-15
0.6.10	5 / 1	2014-07-30
0.6.9	5 / 1	2014-07-30

Showing 100 of 186 Next page →