@babel/types — Greenflagged

Babel Types is a Lodash-esque utility library for AST nodes

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

hzooexistentialismnicolo-ribaudojlhwung

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:lib/index-ts3.7.d.ts	AI (source-diff): lib/index-ts3.7.d.ts is an auto-generated TypeScript declaration file explicitly referenced in typesVersions; long lines are a known artifact of generated .d.ts files, not obfuscation.	ai	2026/04/22
maintainer-change	maintainer-removed	AI (maintainer-change): Maintainer transition within Babel project is consistent with known ecosystem patterns; no takeover indicators.	ai	2026/04/21
source-diff	large-new-source-files	AI (source-diff): @babel/types tracks JS/TS AST evolution; adding many new type/helper files across many semver versions is expected for this package.	ai	2026/04/21
source-diff	obfuscated-file:lib/index-legacy.d.ts	AI (source-diff): File is explicitly autogenerated TypeScript definitions (per header comment), not obfuscated code. Long lines are expected in generated type definitions.	ai	2026/04/21
provenance	missing-githead	AI (provenance): Large monorepo with established publisher; missing gitHead reflects CI/CD pipeline changes, not a supply chain compromise. Consistent with Babel's publish history.	ai	2026/04/21
publish-pattern	new-deps-added	AI (publish-pattern): New dependency is @babel/helper-validator-identifier, a sibling Babel package; legitimate refactoring.	ai	2026/04/21
maintainer-change	maintainer-added	AI (maintainer-change): jlhwung is an established Babel maintainer with strong track record; transition is legitimate.	ai	2026/04/21
bogus-package	bogus-package	AI (bogus-package): False positives for monorepo package; mass-production signal reflects Babel's structure, not spam.	ai	2026/04/21
provenance	publisher-changed	AI (provenance): Publisher change (jlhwung → nicolo-ribaudo) reflects legitimate Babel maintainer transition, not account compromise.	ai	2026/04/21
provenance	no-provenance	AI (provenance): @babel/types is a well-established core Babel package; lack of Sigstore provenance is not a risk signal here.	ai	2026/04/21
dependencies	unvetted-dep:to-fast-properties	AI (dependencies): to-fast-properties is a long-standing, benign dependency of @babel/types used across the Babel ecosystem; no security concern.	ai	2026/04/21

Versions (showing 51 of 138)

Show 4 prereleases View all versions

Version	Deps	Published
7.29.0	2 / 3	2026-01-31
7.28.6	2 / 3	2026-01-12
7.28.5	2 / 3	2025-10-23
7.28.4	2 / 3	2025-09-05
7.28.2	2 / 3	2025-07-24
7.28.1	2 / 3	2025-07-12
7.28.0	2 / 3	2025-07-02
7.27.7	2 / 3	2025-06-26
7.27.6	2 / 3	2025-06-05
7.27.3	2 / 3	2025-05-27
7.27.1	2 / 3	2025-04-30
7.27.0	2 / 3	2025-03-24
7.26.10	2 / 3	2025-03-11
7.26.9	2 / 3	2025-02-14
7.26.8	2 / 3	2025-02-08
7.26.7	2 / 3	2025-01-24
7.26.5	2 / 3	2025-01-10
7.26.3	2 / 3	2024-12-04
7.26.0	2 / 3	2024-10-25
7.25.9	2 / 3	2024-10-22
7.25.8	3 / 3	2024-10-10
7.25.7	3 / 3	2024-10-02
7.25.6	3 / 3	2024-08-29
7.25.4	3 / 3	2024-08-22
7.25.2	3 / 3	2024-07-30
7.25.0	3 / 3	2024-07-26
7.24.9	3 / 3	2024-07-15
7.24.8	3 / 3	2024-07-11
7.24.7	3 / 3	2024-06-05
7.24.6	3 / 3	2024-05-24
7.24.5	3 / 3	2024-04-29
7.24.0	3 / 3	2024-02-28
7.23.9	3 / 3	2024-01-25
7.23.6	3 / 3	2023-12-11
7.23.5	3 / 3	2023-11-29
7.23.4	3 / 3	2023-11-20
7.23.3	3 / 3	2023-11-09
7.23.0	3 / 3	2023-09-25
7.22.19	3 / 3	2023-09-14
7.22.17	3 / 3	2023-09-08
7.22.15	3 / 3	2023-09-04
7.22.11	3 / 3	2023-08-24
7.22.10	3 / 3	2023-08-07
7.22.5	3 / 4	2023-06-08
7.22.4	3 / 4	2023-05-29
7.22.3	3 / 4	2023-05-27
7.22.0	3 / 4	2023-05-26
7.21.5	3 / 4	2023-04-28
7.21.4	3 / 4	2023-03-31
7.21.3	3 / 4	2023-03-14
7.21.2	3 / 4	2023-02-23