← Home

regenerator

npm Repository Homepage

Source transformer enabling ECMAScript 6 generator functions (yield) in JavaScript-of-today (ES5)

77
Versions
MIT
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

benjamn

Keywords

generatoryieldcoroutinerewritingtransformationsyntaxcodegenrewritingrefactoringtranspilerdesugaringES6

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
semgrep semgrep:new-function-constructor AI (semgrep): Legitimate use in GeneratorFunction prototype setup; not dynamic code execution from untrusted input. ai
source-diff net-exec-file:runtime.js AI (source-diff): runtime.js is the legitimate regenerator runtime polyfill from Facebook; the 'network + code execution' pattern is a false positive on standard module detection and Symbol usage. ai
source-diff source-size-tripled AI (source-diff): Size increase is entirely due to large documentation/demo files (docs/bundle.js, docs/codemirror) added for GitHub Pages demo. Not a runtime risk. ai
source-diff net-exec-file:docs/bundle.js AI (source-diff): docs/bundle.js is a browserify documentation/demo bundle for the regenerator project. The detected patterns are standard module loader boilerplate, not malware. Stable false positive for this package. ai
semgrep semgrep:dynamic-require AI (semgrep): The dynamic require(runtime.dev) is a documented pattern in regenerator for lazily loading the dev runtime module path — not an arbitrary code execution risk. Stable for this package. ai
phantom-deps phantom-dep:commander AI (phantom-deps): commander is declared and used as CLI argument parser for bin/regenerator; false positive for a tool dependency. ai
publish-pattern new-deps-added AI (publish-pattern): New dependencies (babel-core, regenerator-preset, regenerator-runtime) are established packages appropriate for ES6 transpilation; stable pattern for this package. ai
source-diff source-size-dropped AI (source-diff): Source reduction reflects refactoring to use Babel infrastructure; legitimate architectural change. ai
phantom-deps phantom-dep:babel-plugin-transform-es2015-for-of AI (phantom-deps): Monorepo/lerna setup; deps used in sub-packages or Babel config, not directly imported in main. Stable false positive for this package. ai
phantom-deps phantom-dep:babel-types AI (phantom-deps): Monorepo/lerna setup; deps used in sub-packages or Babel config, not directly imported in main. Stable false positive for this package. ai
phantom-deps phantom-dep:babel-runtime AI (phantom-deps): Monorepo/lerna setup; deps used in sub-packages or Babel config, not directly imported in main. Stable false positive for this package. ai
phantom-deps phantom-dep:regenerator-transform AI (phantom-deps): Monorepo/lerna setup; deps used in sub-packages or Babel config, not directly imported in main. Stable false positive for this package. ai
phantom-deps phantom-dep:babel-plugin-syntax-async-functions AI (phantom-deps): Monorepo/lerna setup; deps used in sub-packages or Babel config, not directly imported in main. Stable false positive for this package. ai
phantom-deps phantom-dep:babel-plugin-syntax-async-generators AI (phantom-deps): Monorepo/lerna setup; deps used in sub-packages or Babel config, not directly imported in main. Stable false positive for this package. ai
phantom-deps phantom-dep:babel-plugin-transform-es2015-classes AI (phantom-deps): Monorepo/lerna setup; deps used in sub-packages or Babel config, not directly imported in main. Stable false positive for this package. ai
phantom-deps phantom-dep:private AI (phantom-deps): Phantom dependency referenced in config files only; expected pattern in build tools. ai
phantom-deps phantom-dep:babel-plugin-transform-es2015-block-scoping AI (phantom-deps): Monorepo/lerna setup; deps used in sub-packages or Babel config, not directly imported in main. Stable false positive for this package. ai
phantom-deps phantom-dep:babel-plugin-transform-es2015-arrow-functions AI (phantom-deps): Monorepo/lerna setup; deps used in sub-packages or Babel config, not directly imported in main. Stable false positive for this package. ai
dependencies unvetted-dep:mocha AI (dependencies): mocha is an optional dev dependency used only for testing; it poses no runtime risk to consumers of this package. ai
dependencies unvetted-dep:browserify AI (dependencies): browserify is an optional dev dependency used only for building; it poses no runtime risk to consumers of this package. ai
phantom-deps phantom-dep:semver AI (phantom-deps): semver is an optionalDependency referenced only in config/scripts; not imported at runtime. Stable false positive for this package. ai
phantom-deps phantom-dep:browserify AI (phantom-deps): browserify is an optionalDependency used only for bundling; not imported at runtime. Stable false positive for this package. ai
phantom-deps phantom-dep:mocha AI (phantom-deps): mocha is an optionalDependency used only for testing; not imported at runtime. Stable false positive for this package. ai
npm-metadata url-dep:esprima AI (npm-metadata): Historical git dependency on esprima harmony branch was standard practice for early ES6 tooling; points to canonical upstream repo by original author. ai
dependencies unvetted-dep:esprima-fb AI (dependencies): esprima-fb is Facebook's ES6-capable fork of esprima; appropriate for ES6 generator transpilation. ai
phantom-deps phantom-dep:commoner AI (phantom-deps): Phantom dependency referenced in config files only; expected pattern in build tools. ai
dependencies unvetted-dep:regenerator-transform AI (dependencies): regenerator-transform is a first-party companion package in the regenerator ecosystem, maintained by the same author (benjamn/facebook). Expected dependency for this package. ai
dependencies unvetted-dep:regenerator-preset AI (dependencies): regenerator-preset is a first-party companion package in the regenerator ecosystem, maintained by the same author (benjamn/facebook). Expected dependency for this package. ai
provenance no-provenance AI (provenance): Package is 4578 days old; Sigstore provenance predates its publication era. Not a meaningful risk signal for this package. ai
license uncommon-license:BSD AI (license): BSD is a well-known permissive license; the uncommon-license flag is a stable false positive for this package. ai

Versions (showing 77 of 77)

Version Deps Published
0.14.12 9 / 10
0.14.11 9 / 10
0.14.10 10 / 10
0.14.9 10 / 10
0.14.7 10 / 10
0.14.6 10 / 10
0.14.5 10 / 10
0.14.4 10 / 10
0.14.3 10 / 11
0.14.2 10 / 11
0.14.1 10 / 9
0.14.0 10 / 9
0.13.4 10 / 9
0.13.3 10 / 9
0.13.2 10 / 9
0.13.1 10 / 8
0.13.0 10 / 8
0.12.4 16 / 11
0.12.3 16 / 11
0.12.2 16 / 11
0.12.1 16 / 11
0.12.0 16 / 11
0.11.1 16 / 11
0.11.0 16 / 11
0.10.1 16 / 11
0.10.0 16 / 11
0.9.7 6 / 4
0.9.6 6 / 4
0.9.5 6 / 4
0.9.4 6 / 4
0.9.3 6 / 4
0.9.2 6 / 4
0.9.1 8 / 4
0.8.12 6 / 3
0.4.12 5 / 2
0.4.11 5 / 2
0.4.10 5 / 2
0.4.9 5 / 2
0.4.8 5 / 2
0.4.7 5 / 2
0.4.6 5 / 2
0.4.5 5 / 2
0.4.4 6 / 2
0.4.3 6 / 2
0.4.2 6 / 2
0.4.1 6 / 2
0.4.0 6 / 2
0.3.9 6 / 2
0.3.8 6 / 2
0.3.7 6 / 2
0.3.6 6 / 2
0.3.5 6 / 2
0.3.4 6 / 2
0.3.3 6 / 2
0.3.2 6 / 2
0.3.1 6 / 2
0.3.0 6 / 2
0.2.11 5 / 2
0.2.10 5 / 2
0.2.9 5 / 2
0.2.8 5 / 2
0.2.7 5 / 2
0.2.6 5 / 2
0.2.5 7 / 0
0.2.4 7 / 0
0.2.3 7 / 0
0.2.2 8 / 0
0.2.1 8 / 0
0.2.0 7 / 0
0.1.7 7 / 0
0.1.6 7 / 0
0.1.5 7 / 0
0.1.4 7 / 0
0.1.3 7 / 0
0.1.2 7 / 0
0.1.1 7 / 0
0.1.0 7 / 0