← Home

turbo

npm Repository Homepage

Turborepo is a high-performance build system for JavaScript and TypeScript codebases.

100
Versions
MIT
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

vercel-release-botturbobot

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
phantom-deps phantom-dep:turbo-linux-mips64le AI (phantom-deps): Platform-specific optional binary dependency — standard cross-platform binary distribution pattern for turbo. ai
phantom-deps phantom-dep:turbo-linux-32 AI (phantom-deps): Platform-specific optional binary dependency — standard cross-platform binary distribution pattern for turbo. ai
phantom-deps phantom-dep:turbo-linux-arm AI (phantom-deps): Platform-specific optional binary dependency — standard cross-platform binary distribution pattern for turbo. ai
phantom-deps phantom-dep:turbo-freebsd-64 AI (phantom-deps): Platform-specific optional binary dependency — standard cross-platform binary distribution pattern for turbo. ai
phantom-deps phantom-dep:turbo-windows-32 AI (phantom-deps): Platform-specific optional binary dependency — standard cross-platform binary distribution pattern for turbo. ai
phantom-deps phantom-dep:turbo-freebsd-arm64 AI (phantom-deps): Platform-specific optional binary dependency — standard cross-platform binary distribution pattern for turbo. ai
phantom-deps phantom-dep:turbo-linux-ppc64le AI (phantom-deps): Platform-specific optional binary dependency — standard cross-platform binary distribution pattern for turbo. ai
install-scripts install-script:postinstall AI (install-scripts): turbo's postinstall runs install.js to select and install the correct platform-specific binary — standard documented pattern for cross-platform binary distribution, stable across versions. ai
semgrep semgrep:env-spread AI (semgrep): process.env spread is used to sanitize npm_config_global to prevent install deadlock — defensive pattern, not credential exfiltration. Confirmed in public Vercel/turborepo source. ai
semgrep semgrep:child-process-import AI (semgrep): child_process is used to run nested npm install for platform binary selection — expected and documented behavior for turbo's binary installer. ai
phantom-deps phantom-dep:turbo-darwin-64 AI (phantom-deps): Platform-specific optional binary dependency; standard pattern for cross-platform CLI tools. ai
phantom-deps phantom-dep:turbo-windows-64 AI (phantom-deps): Platform-specific optional binary dependency; standard pattern for cross-platform CLI tools. ai
phantom-deps phantom-dep:turbo-linux-arm64 AI (phantom-deps): Platform-specific optional binary dependency; standard pattern for cross-platform CLI tools. ai
phantom-deps phantom-dep:turbo-darwin-arm64 AI (phantom-deps): Platform-specific optional binary dependency; standard pattern for cross-platform CLI tools. ai
phantom-deps phantom-dep:turbo-windows-arm64 AI (phantom-deps): Platform-specific optional binary dependency; standard pattern for cross-platform CLI tools. ai
phantom-deps phantom-dep:turbo-linux-64 AI (phantom-deps): Platform-specific optional binary dependency; standard pattern for cross-platform CLI tools. ai

Versions (showing 100 of 485)

Hide prereleases
Version Deps Published
2.9.7-canary.8 0 / 0
2.9.7-canary.7 0 / 0
2.9.7-canary.6 0 / 0
2.9.7-canary.5 0 / 0
2.9.7-canary.4 0 / 0
2.9.7-canary.3 0 / 0
2.9.7-canary.2 0 / 0
2.9.7-canary.13 0 / 0
2.9.7-canary.12 0 / 0
2.9.7-canary.11 0 / 0
2.9.7-canary.10 0 / 0
2.9.7-canary.1 0 / 0
2.9.6-canary.3 0 / 0
2.9.6-canary.2 0 / 0
2.9.6-canary.1 0 / 0
2.9.5-canary.5 0 / 0
2.9.5-canary.4 0 / 0
2.9.5-canary.3 0 / 0
2.9.5-canary.2 0 / 0
2.9.5-canary.1 0 / 0
2.9.4-canary.8 0 / 0
2.9.4-canary.7 0 / 0
2.9.4-canary.6 0 / 0
2.9.4-canary.5 0 / 0
2.9.4-canary.4 0 / 0
2.9.4-canary.3 0 / 0
2.9.4-canary.2 0 / 0
2.9.4-canary.1 0 / 0
2.9.3-canary.1 0 / 0
2.9.2-canary.4 0 / 0
2.9.2-canary.3 0 / 0
2.9.2-canary.2 0 / 0
2.9.2-canary.1 0 / 0
2.9.1-canary.1 0 / 0
2.8.22-canary.8 0 / 0
2.8.22-canary.7 0 / 0
2.8.22-canary.6 0 / 0
2.8.22-canary.5 0 / 0
2.8.22-canary.4 0 / 0
2.8.22-canary.3 0 / 0
2.8.22-canary.2 0 / 0
2.8.22-canary.1 0 / 0
2.8.21-canary.9 0 / 0
2.8.21-canary.8 0 / 0
2.8.21-canary.7 0 / 0
2.8.21-canary.6 0 / 0
2.8.21-canary.5 0 / 0
2.8.21-canary.4 0 / 0
2.8.21-canary.3 0 / 0
2.8.21-canary.20 0 / 0
2.8.21-canary.2 0 / 0
2.8.21-canary.19 0 / 0
2.8.21-canary.18 0 / 0
2.8.21-canary.17 0 / 0
2.8.21-canary.16 0 / 0
2.8.21-canary.15 0 / 0
2.8.21-canary.14 0 / 0
2.8.21-canary.13 0 / 0
2.8.21-canary.12 0 / 0
2.8.21-canary.11 0 / 0
2.8.21-canary.10 0 / 0
2.8.21-canary.1 0 / 0
2.8.20-canary.1 0 / 0
2.8.19-canary.3 0 / 0
2.8.19-canary.2 0 / 0
2.8.19-canary.1 0 / 0
2.8.18-canary.9 0 / 0
2.8.18-canary.8 0 / 0
2.8.18-canary.7 0 / 0
2.8.18-canary.6 0 / 0
2.8.18-canary.5 0 / 0
2.8.18-canary.4 0 / 0
2.8.18-canary.3 0 / 0
2.8.18-canary.26 0 / 0
2.8.18-canary.25 0 / 0
2.8.18-canary.24 0 / 0
2.8.18-canary.23 0 / 0
2.8.18-canary.22 0 / 0
2.8.18-canary.21 0 / 0
2.8.18-canary.20 0 / 0
2.8.18-canary.2 0 / 0
2.8.18-canary.19 0 / 0
2.8.18-canary.18 0 / 0
2.8.18-canary.17 0 / 0
2.8.18-canary.16 0 / 0
2.8.18-canary.15 0 / 0
2.8.18-canary.14 0 / 0
2.8.18-canary.13 0 / 0
2.8.18-canary.12 0 / 0
2.8.18-canary.11 0 / 0
2.8.18-canary.10 0 / 0
2.8.18-canary.1 0 / 0
2.8.17-canary.9 0 / 0
2.8.17-canary.8 0 / 0
2.8.17-canary.7 0 / 0
2.8.17-canary.6 0 / 0
2.8.17-canary.5 0 / 0
2.8.17-canary.4 0 / 0
2.8.17-canary.3 0 / 0
2.8.17-canary.2 0 / 0
Showing 100 of 485 Next page →