typescript Apache-2.0 100 versions

typescript

npm Repository Homepage

TypeScript is a language for application scale JavaScript development

100

Versions

Apache-2.0

License

Install Scripts

Missing

Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

microsoft1estypescript-botweswighamandrewbranchtypescript-deploysjakebailey

Keywords

TypeScriptMicrosoftcompilerlanguagejavascript

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
semgrep	semgrep:child-process-exec	AI (semgrep): child_process.exec() is in Jakefile.js, a build automation file not executed at install or runtime. It runs cscript for spec doc conversion — a standard build task for the TypeScript compiler project.	ai	2026/04/21
publish-pattern	dormant-publish	AI (publish-pattern): TypeScript publishes continuously (2767 versions); dormancy signal is an artifact of approved-version gap, not actual inactivity.	ai	2026/04/21
source-diff	obfuscated-file:lib/_tsc.js	AI (source-diff): TypeScript ships its compiler as a single bundled JS file; long lines are from esbuild bundling, not obfuscation. Stable for this package.	ai	2026/04/21
maintainer-change	maintainer-takeover	AI (maintainer-change): Legitimate transition from single 'typescript' account to individual MS team members + typescript-bot; well-documented change in TypeScript's npm publishing.	ai	2026/04/21
provenance	publisher-changed	AI (provenance): typescript-bot is Microsoft's official automated publishing account for TypeScript; publisher change from 'typescript' account is a known legitimate transition.	ai	2026/04/21
maintainer-change	maintainer-added	AI (maintainer-change): All added maintainers are known Microsoft TypeScript team members; legitimate team expansion on npm.	ai	2026/04/21
maintainer-change	maintainer-removed	AI (maintainer-change): Removal of generic 'typescript' account in favor of individual team members is a security improvement, not a concern.	ai	2026/04/21
source-diff	large-new-source-files	AI (source-diff): Comparison spans v3.3→v3.9 (many minor versions); 28 new files is expected growth for TypeScript's codebase.	ai	2026/04/21
provenance	missing-githead	AI (provenance): TypeScript is published by Microsoft's official npm account; gitHead presence varies across their publish tooling over 1300+ versions. Not a security signal for this package.	ai	2026/04/21
semgrep	semgrep:child-process-import	AI (semgrep): child_process import is in Jakefile.js (build tooling only), not in any runtime or install-time code. Stable false positive for this package.	ai	2026/04/21
provenance	no-provenance	AI (provenance): TypeScript predates Sigstore provenance; older versions will never have attestations.	ai	2026/04/21
source-diff	obfuscated-file:lib/typingsInstaller.js	AI (source-diff): TypeScript ships bundled compiler output with long lines from its build process; this is standard for the package, not obfuscation.	ai	2026/04/21

Versions (showing 100 of 399)

Hide prereleases

Version	Deps	Published
6.0.3	0 / 42	2026-04-16
6.0.2	0 / 42	2026-03-23
5.9.3	0 / 44	2025-09-30
5.9.2	0 / 44	2025-07-31
5.8.3	0 / 44	2025-04-05
5.8.2	0 / 44	2025-02-28
5.7.3	0 / 44	2025-01-08
5.7.2	0 / 44	2024-11-22
5.6.3	0 / 45	2024-10-08
5.6.2	0 / 45	2024-09-09
5.5.4	0 / 40	2024-07-22
5.5.3	0 / 40	2024-07-01
5.5.2	0 / 40	2024-06-20
5.4.5	0 / 41	2024-04-10
5.4.4	0 / 41	2024-04-04
5.4.3	0 / 41	2024-03-20
5.4.2	0 / 41	2024-03-06
5.3.3	0 / 41	2023-12-06
5.3.2	0 / 41	2023-11-20
5.2.2	0 / 42	2023-08-24
5.1.6	0 / 42	2023-06-28
5.1.5	0 / 42	2023-06-27
5.1.3	0 / 42	2023-06-01
5.0.4	0 / 41	2023-04-07
5.0.3	0 / 41	2023-03-30
5.0.2	0 / 41	2023-03-16
4.9.5	0 / 55	2023-01-30
4.9.4	0 / 55	2022-12-07
4.9.3	0 / 55	2022-11-15
4.8.4	0 / 60	2022-09-27
4.8.3	0 / 60	2022-09-08
4.8.2	0 / 60	2022-08-25
4.7.4	0 / 59	2022-06-17
4.7.3	0 / 59	2022-06-03
4.7.2	0 / 59	2022-05-24
4.6.4	0 / 67	2022-04-28
4.6.3	0 / 67	2022-03-24
4.6.2	0 / 67	2022-02-28
4.5.5	0 / 67	2022-01-20
4.5.4	0 / 67	2021-12-13
4.5.3	0 / 67	2021-12-09
4.5.2	0 / 67	2021-11-17
4.4.4	0 / 69	2021-10-12
4.4.3	0 / 69	2021-09-10
4.4.2	0 / 69	2021-08-26
4.3.5	0 / 69	2021-06-30
4.3.4	0 / 69	2021-06-17
4.3.3	0 / 69	2021-06-16
4.3.2	0 / 69	2021-05-26
4.2.4	0 / 69	2021-04-07
4.2.3	0 / 69	2021-03-04
4.2.2	0 / 69	2021-02-23
4.1.6	0 / 71	2021-06-16
4.1.5	0 / 71	2021-02-10
4.1.4	0 / 71	2021-02-09
4.1.3	0 / 71	2020-12-11
4.1.2	0 / 71	2020-11-19
4.0.8	0 / 72	2021-06-16
4.0.7	0 / 72	2021-02-10
4.0.6	0 / 72	2021-02-09
4.0.5	0 / 72	2020-10-26
4.0.3	0 / 72	2020-09-18
4.0.2	0 / 72	2020-08-20
3.9.10	0 / 71	2021-06-16
3.9.9	0 / 71	2021-02-10
3.9.8	0 / 71	2021-02-09
3.9.7	0 / 71	2020-07-16
3.9.6	0 / 71	2020-07-01
3.9.5	0 / 71	2020-06-04
3.9.4	0 / 71	2020-05-29
3.9.3	0 / 71	2020-05-19
3.9.2	0 / 71	2020-05-12
3.8.3	0 / 70	2020-02-28
3.8.2	0 / 70	2020-02-20
3.7.7	0 / 71	2021-02-10
3.7.6	0 / 71	2021-02-09
3.7.5	0 / 71	2020-01-16
3.7.4	0 / 71	2019-12-20
3.7.3	0 / 71	2019-12-04
3.7.2	0 / 71	2019-11-05
3.6.5	0 / 63	2020-01-23
3.6.4	0 / 63	2019-10-09
3.6.3	0 / 63	2019-09-10
3.6.2	0 / 63	2019-08-28
3.5.3	0 / 58	2019-07-08
3.5.2	0 / 58	2019-06-13
3.5.1	0 / 58	2019-05-29
3.4.5	0 / 59	2019-04-23
3.4.4	0 / 59	2019-04-18
3.4.3	0 / 59	2019-04-09
3.4.2	0 / 59	2019-04-05
3.4.1	0 / 59	2019-03-29
3.3.4000	0 / 66	2019-03-19
3.3.3333	0 / 66	2019-02-21
3.2.4	0 / 65	2019-01-17
3.2.2	0 / 65	2018-12-07
3.2.1	0 / 65	2018-11-29
3.1.8	0 / 65	2021-02-10
3.1.7	0 / 65	2021-02-09
3.1.5	0 / 65	2018-10-31

Showing 100 of 399 Next page →