@babel/parser — Greenflagged

A JavaScript parser

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

hzooexistentialismnicolo-ribaudojlhwung

Keywords

babeljavascriptparsertc39ecmascript@babel/parser

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:lib/index.d.ts	AI (source-diff): lib/index.d.ts is a legitimate TypeScript declaration file for @babel/parser's public API. Long lines are caused by large union types, not obfuscation. Stable false positive for this package.	ai	2026/04/23
maintainer-change	maintainer-added	AI (maintainer-change): developit (Jason Miller) is a reputable, well-known JS ecosystem contributor; addition to Babel org is a legitimate collaboration, not a takeover signal.	ai	2026/04/22
provenance	missing-githead	AI (provenance): Missing gitHead is a known artifact of monorepo publish tooling changes in the Babel project; not indicative of tampering for this well-established package.	ai	2026/04/22
maintainer-change	maintainer-removed	AI (maintainer-change): Babel team membership has evolved over time; removal of loganfsmyth and danez reflects known team changes, not a takeover. nicolo-ribaudo is a core Babel maintainer.	ai	2026/04/22
source-diff	obfuscated-file:lib/util/identifier.js	AI (source-diff): Long lines in identifier.js are Unicode character range tables, a standard pattern in JavaScript parsers. The file is readable, clean code — not obfuscated.	ai	2026/04/22
bogus-package	bogus-package	AI (bogus-package): hzoo and loganfsmyth are long-standing Babel core contributors; spam flag is a false positive for this package.	ai	2026/04/22
source-diff	large-new-source-files	AI (source-diff): New files are source maps and parser/plugin JS files consistent with a major version bump (7.18.11→7.22.5). Expected growth for a JavaScript parser adding new language features.	ai	2026/04/22
publish-pattern	new-deps-added	AI (publish-pattern): @babel/types is a core Babel package added only for type definitions (explicitly documented in package.json). Not a functional runtime dependency and not an attack vector.	ai	2026/04/22
provenance	publisher-changed	AI (provenance): Babel project transitioned to GitHub Actions CI/CD publishing — a security improvement over individual account publishing. Consistent with official babel/babel monorepo governance.	ai	2026/04/22
provenance	no-provenance	AI (provenance): Babel publishes via GitHub Actions CI without Sigstore attestation; this is consistent across all @babel/* packages and is not a risk indicator.	ai	2026/04/21
typosquat	typosquat.levenshtein:parcel	AI (typosquat): @babel/parser is the official Babel JS parser under the @babel scope — a completely distinct, well-established package from 'parcel'. Levenshtein match is a stable false positive for this package.	ai	2026/04/21

Versions (showing 51 of 199)

Show 4 prereleases View all versions

Version	Deps	Published
7.29.3	1 / 6	2026-04-30
7.29.2	1 / 6	2026-03-16
7.29.0	1 / 6	2026-01-31
7.28.6	1 / 6	2026-01-12
7.28.5	1 / 6	2025-10-23
7.28.4	1 / 6	2025-09-05
7.28.3	1 / 6	2025-08-14
7.28.0	1 / 6	2025-07-02
7.27.7	1 / 6	2025-06-26
7.27.5	1 / 6	2025-06-03
7.27.4	1 / 6	2025-05-30
7.27.3	1 / 6	2025-05-27
7.27.2	1 / 6	2025-05-06
7.27.1	1 / 6	2025-04-30
7.27.0	1 / 6	2025-03-24
7.26.10	1 / 6	2025-03-11
7.26.9	1 / 6	2025-02-14
7.26.8	1 / 6	2025-02-08
7.26.7	1 / 6	2025-01-24
7.26.5	1 / 6	2025-01-10
7.26.3	1 / 6	2024-12-04
7.26.2	1 / 6	2024-10-30
7.26.1	1 / 6	2024-10-25
7.26.0	1 / 6	2024-10-25
7.25.9	1 / 6	2024-10-22
7.25.8	1 / 6	2024-10-10
7.25.7	1 / 6	2024-10-02
7.25.6	1 / 6	2024-08-29
7.25.4	1 / 6	2024-08-22
7.25.3	1 / 6	2024-07-31
7.25.0	0 / 7	2024-07-26
7.24.8	0 / 7	2024-07-11
7.24.7	0 / 7	2024-06-05
7.24.6	0 / 7	2024-05-24
7.24.5	0 / 6	2024-04-29
7.24.4	0 / 6	2024-04-03
7.24.1	0 / 6	2024-03-19
7.24.0	0 / 6	2024-02-28
7.23.9	0 / 6	2024-01-25
7.23.6	0 / 6	2023-12-11
7.23.5	0 / 6	2023-11-29
7.23.4	0 / 6	2023-11-20
7.23.3	0 / 6	2023-11-09
7.23.0	0 / 6	2023-09-25
7.22.16	0 / 6	2023-09-06
7.22.15	0 / 6	2023-09-04
7.22.14	0 / 6	2023-08-30
7.22.13	0 / 6	2023-08-28
7.22.11	0 / 6	2023-08-24
7.22.10	0 / 6	2023-08-07
7.22.7	0 / 6	2023-07-06