← Home

@babel/helper-annotate-as-pure

Helper function to annotate paths and nodes with #__PURE__ comment

28
Versions
MIT
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

hzooexistentialismnicolo-ribaudojlhwung

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
provenance missing-githead AI (provenance): Babel monorepo publish tooling change; nicolo-ribaudo is a trusted Babel core maintainer. No security implication for this well-established package. ai
provenance no-provenance AI (provenance): This version predates Sigstore provenance adoption in the Babel project. Not a security risk given the trusted publisher and established package history. ai
bogus-package bogus-package AI (bogus-package): Babel helper packages legitimately share a templated @babel/* naming shape, have no keywords, and are tiny focused utilities. These signals are structural false positives for this package. ai
provenance publisher-changed AI (provenance): hzoo and loganfsmyth are both well-known Babel core team members; this transition reflects a legitimate maintainer handoff within the Babel project. ai

Versions (showing 28 of 28)

Hide prereleases
Version Deps Published
8.0.0 1 / 1
7.29.7 1 / 1
7.27.3 1 / 1
7.27.1 1 / 1
7.25.9 1 / 1
7.25.7 1 / 1
7.24.7 1 / 1
7.24.6 1 / 1
7.22.5 1 / 0
7.18.6 1 / 0
7.16.7 1 / 0
7.16.0 1 / 0
7.15.4 1 / 0
7.14.5 1 / 0
7.12.13 1 / 0
7.12.10 1 / 0
7.10.4 1 / 0
7.10.1 1 / 0
7.8.3 1 / 0
7.8.0 1 / 0
7.7.4 1 / 0
7.7.0 1 / 0
7.0.0 1 / 0
8.0.0-rc.3 1 / 1
8.0.0-rc.2 1 / 1
8.0.0-rc.1 1 / 1
8.0.0-beta.4 1 / 1
7.0.0-beta.46 1 / 0

v8.0.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.29.7

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.