[email protected] rejected Risk: 25 MIT 2026-05-19

ts-jest @29.4.10

rejected

This version was rejected. It did not pass GreenFlagged's security review and is not served by the registry. The findings and risk dispositions below explain why.

npm Repository Homepage Tarball

Risk Score

MIT

License

Install Scripts

Dependencies

Dev Dependencies

73.8 KB

Package Size

2026-05-19

Published

A Jest transformer with source map support that lets you use Jest to test projects written in TypeScript

Maintainers

kulanhpnndtsjest

Keywords

jesttypescriptsourcemapreacttesting

Dependencies (9)

Package	Constraint	Registry Status
json5	^2.2.3	auto_approved
semver	^7.8.0	auto_approved
bs-logger	^0.2.6	auto_approved
type-fest	^4.41.0	auto_approved
handlebars	^4.7.9	No greenflagged match
make-error	^1.3.6	auto_approved
yargs-parser	^21.1.1	auto_approved
lodash.memoize	^4.1.2	auto_approved
fast-json-stable-stringify	^2.1.0	auto_approved

Dev Dependencies (46)

Package	Constraint	Registry Status
jest	^30.4.2	auto_approved
execa	5.1.1	No greenflagged match
husky	^9.1.7	auto_approved
memfs	^4.57.2	auto_approved
eslint	^9.39.4	auto_approved
rimraf	^5.0.10	auto_approved
esbuild	~0.28.0	auto_approved
globals	^16.5.0	auto_approved
js-yaml	^4.1.1	auto_approved
ts-node	^10.9.2	auto_approved
fs-extra	^11.3.5	auto_approved
prettier	^2.8.8	auto_approved
fast-glob	^3.3.3	auto_approved
@eslint/js	^9.39.4	auto_approved
babel-jest	^30.4.1	auto_approved
typescript	~5.9.3	auto_approved
@jest/types	^30.4.1	auto_approved
@types/jest	^29.5.14	auto_approved
@types/node	20.19.41	auto_approved
lint-staged	^15.5.2	auto_approved
@types/yargs	^17.0.35	auto_approved
@jest/globals	^30.4.1	auto_approved
@types/semver	^7.7.1	auto_approved
@eslint/compat	^1.4.1	auto_approved
@types/js-yaml	^4.0.9	auto_approved
@commitlint/cli	^19.8.1	No greenflagged match
@jest/transform	^30.4.1	auto_approved
@types/fs-extra	^11.0.4	No greenflagged match
@eslint/eslintrc	^3.3.5	auto_approved
@types/lodash.set	^4.3.9	auto_approved
@types/micromatch	^4.0.10	auto_approved
typescript-eslint	^8.59.3	auto_approved
@types/babel__core	^7.20.5	auto_approved
eslint-plugin-jest	^28.14.0	No greenflagged match
@types/yargs-parser	21.0.3	auto_approved
eslint-plugin-jsdoc	^50.8.0	auto_approved
eslint-plugin-import	^2.32.0	auto_approved
@types/lodash.memoize	^4.1.9	auto_approved
conventional-changelog	^7.2.0	auto_approved
eslint-config-prettier	^10.1.8	auto_approved
eslint-plugin-prettier	^4.2.5	No greenflagged match
@types/lodash.camelcase	^4.3.9	Not imported
@typescript-eslint/parser	^8.59.3	auto_approved
@commitlint/config-angular	^19.8.1	No greenflagged match
conventional-changelog-angular	^8.3.1	auto_approved
@typescript-eslint/eslint-plugin	^8.59.3	auto_approved

Transitive Dependency Tree

9 transitive deps max depth 2

├─ bs-logger ^0.2.6 → 0.2.6

├─ fast-json-stable-stringify ^2.1.0 → 2.1.0

├─ handlebars ^4.7.9

├─ json5 ^2.2.3 → 2.2.3

├─ lodash.memoize ^4.1.2 → 4.1.2

├─ make-error ^1.3.6 → 1.3.6

├─ semver ^7.8.0 → 7.8.1

├─ type-fest ^4.41.0 → 4.41.0

├─ yargs-parser ^21.1.1 → 21.1.1

├─ fast-json-stable-stringify 2.x → 2.1.0

Changes from v29.4.9

Dependency Changes

Change	Package	Version
changed	semver	^7.7.4 → ^7.8.0

File Changes

0 added 0 removed 7 modified size delta: +16.2 KB

SAST Findings (2)

HIGH Provenance attestation missing — previous versions had it provenance

This version was published without provenance, but prior versions were published via CI/CD with attestations. This is a strong signal of a potential account compromise or unauthorized publish. The axios attack (March 2026) exhibited exactly this pattern.

INFO Publisher changed: GitHub Actions → anhpnnd (on 2026-05-19) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2026-05-19. This could indicate a legitimate maintainer transition or an account compromise.

Review Summary

Risk score: 25. Findings: 1 high (+25), 4 info (+0).

Commit: 96b3ac0cc058 Browse source

Published to npm: 2026-05-19