sass — Greenflagged

A pure JavaScript implementation of Sass.

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

nex3hcatlin

Keywords

stylescsssasspreprocessorcss

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	source-size-tripled	AI (source-diff): sass ships as a compiled Dart-to-JS bundle; size growth between versions is expected as features are added to the Dart runtime and compiler. No obfuscation or payload indicators.	ai	2026/04/22
phantom-deps	phantom-dep:chokidar	AI (phantom-deps): chokidar is a legitimate runtime dependency used by the sass CLI for --watch mode; it is correctly declared in package.json and its indirect usage pattern is stable for this package.	ai	2026/04/22
source-diff	large-new-source-files	AI (source-diff): Dart Sass transpilation regularly produces new JS source files; expected for this package's build process.	ai	2026/04/22
publish-pattern	new-deps-added	AI (publish-pattern): source-map-js is a legitimate dependency for a transpiler generating source maps, not an attack vector.	ai	2026/04/22
dependencies	unvetted-dep:@parcel/watcher	AI (dependencies): @parcel/watcher is a well-known, widely-used file-watching library from the Parcel ecosystem; its use in sass for watch-mode is expected and benign.	ai	2026/04/22
provenance	no-provenance	AI (provenance): sass is a long-established, high-trust package; lack of Sigstore provenance is not a meaningful risk signal here.	ai	2026/04/22
provenance	publisher-changed	AI (provenance): Publisher change reflects documented transition to GitHub Actions automation for the official Dart Sass project; SLSA provenance confirms integrity.	ai	2026/04/22
source-diff	encoded-string-file:sass.dart.js	AI (source-diff): Encoded strings are UTF-8 state machine lookup tables in transpiled Dart code; standard pattern, not malicious.	ai	2026/04/22
maintainer-change	maintainer-removed	AI (maintainer-change): Maintainer removal alone is normal in long-lived projects; no new maintainers added and publisher has clean track record.	ai	2026/04/22
semgrep	semgrep:dynamic-require	AI (semgrep): Dynamic require with try-catch for optional @parcel/watcher dependency; standard pattern for optional native bindings.	ai	2026/04/21
dependencies	unvetted-dep:source-map-js	AI (dependencies): source-map-js is a standard, established utility for source map handling in transpilers; appropriate for Sass.	ai	2026/04/21

Versions (showing 100 of 282)

Version	Deps	Published
1.61.0	3 / 0	2023-04-06
1.60.0	3 / 0	2023-03-23
1.59.3	3 / 0	2023-03-14
1.59.2	3 / 0	2023-03-11
1.59.1	3 / 0	2023-03-10
1.59.0	3 / 0	2023-03-10
1.58.3	3 / 0	2023-02-18
1.58.2	3 / 0	2023-02-17
1.58.1	3 / 0	2023-02-14
1.58.0	3 / 0	2023-02-01
1.57.1	3 / 0	2022-12-19
1.57.0	3 / 0	2022-12-17
1.56.2	3 / 0	2022-12-08
1.56.1	3 / 0	2022-11-09
1.56.0	3 / 0	2022-11-04
1.55.0	3 / 0	2022-09-21
1.54.9	3 / 0	2022-09-07
1.54.8	3 / 0	2022-08-31
1.54.7	3 / 0	2022-08-31
1.54.6	3 / 0	2022-08-29
1.54.5	3 / 0	2022-08-19
1.54.4	3 / 0	2022-08-10
1.54.3	3 / 0	2022-08-04
1.54.2	3 / 0	2022-08-03
1.54.1	3 / 0	2022-08-02
1.54.0	3 / 0	2022-07-22
1.53.0	3 / 0	2022-06-22
1.52.3	3 / 0	2022-06-08
1.52.2	3 / 0	2022-06-03
1.52.1	3 / 0	2022-05-20
1.52.0	3 / 0	2022-05-20
1.51.0	3 / 0	2022-04-26
1.50.1	3 / 0	2022-04-19
1.50.0	3 / 0	2022-04-07
1.49.11	3 / 0	2022-04-01
1.49.10	3 / 0	2022-03-30
1.49.9	3 / 0	2022-02-24
1.49.8	3 / 0	2022-02-17
1.49.7	3 / 0	2022-02-01
1.49.6	3 / 0	2022-02-01
1.49.5	3 / 0	2022-02-01
1.49.4	3 / 0	2022-02-01
1.49.3	3 / 0	2022-02-01
1.49.2	3 / 0	2022-02-01
1.49.1	3 / 0	2022-01-31
1.49.0	3 / 0	2022-01-18
1.48.0	3 / 0	2022-01-13
1.47.0	3 / 0	2022-01-07
1.46.0	3 / 0	2022-01-06
1.45.2	3 / 0	2021-12-31
1.45.1	3 / 0	2021-12-21
1.45.0	3 / 0	2021-12-10
1.44.0	2 / 0	2021-11-30
1.43.5	1 / 0	2021-11-24
1.43.4	1 / 0	2021-10-26
1.43.3	1 / 0	2021-10-21
1.43.2	1 / 0	2021-10-13
1.42.1	1 / 0	2021-09-22
1.42.0	1 / 0	2021-09-21
1.41.1	1 / 0	2021-09-16
1.41.0	1 / 0	2021-09-14
1.40.1	1 / 0	2021-09-14
1.40.0	1 / 0	2021-09-13
1.39.2	1 / 0	2021-09-10
1.39.1	1 / 0	2021-09-09
1.39.0	1 / 0	2021-09-02
1.38.2	1 / 0	2021-08-28
1.38.1	1 / 0	2021-08-23
1.38.0	1 / 0	2021-08-17
1.37.5	1 / 0	2021-08-04
1.37.4	1 / 0	2021-08-03
1.37.3	1 / 0	2021-08-03
1.37.2	1 / 0	2021-08-03
1.37.1	1 / 0	2021-08-02
1.37.0	1 / 0	2021-07-30
1.36.0	1 / 0	2021-07-23
1.35.2	1 / 0	2021-07-07
1.35.1	1 / 0	2021-06-15
1.35.0	1 / 0	2021-06-15
1.34.1	1 / 0	2021-06-02
1.34.0	1 / 0	2021-05-22
1.33.0	1 / 0	2021-05-21
1.32.13	1 / 0	2021-05-12
1.32.12	1 / 0	2021-04-28
1.32.11	1 / 0	2021-04-19
1.32.10	1 / 0	2021-04-16
1.32.9	1 / 0	2021-04-16
1.32.8	1 / 0	2021-02-18
1.32.7	1 / 0	2021-02-10
1.32.6	1 / 0	2021-02-01
1.32.5	1 / 0	2021-01-20
1.32.4	1 / 0	2021-01-12
1.32.3	1 / 0	2021-01-12
1.32.2	1 / 0	2021-01-07
1.32.1	1 / 0	2021-01-06
1.32.0	1 / 0	2020-12-30
1.30.0	1 / 0	2020-12-04
1.29.0	1 / 0	2020-11-05
1.28.0	1 / 0	2020-10-29
1.27.2	1 / 0	2020-10-29

Showing 100 of 282 Next page →