← Home

@commercetools-frontend/babel-preset-mc-app

npm Repository Homepage

Babel preset used by a MC application

26
Versions
MIT
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

tdeekensemmenkocommercetools-admin

Keywords

javascriptfrontendreacttoolkit

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
provenance publisher-changed AI (provenance): commercetools-admin → GitHub Actions is a documented CI/CD migration; SLSA attestation confirms automated publish pipeline. ai
publish-pattern new-deps-added AI (publish-pattern): babel-plugin-istanbul is a well-known coverage plugin; addition is benign for a babel preset package. ai
phantom-deps phantom-dep:core-js AI (phantom-deps): core-js is a known implicit runtime dependency for Babel presets; stable pattern. ai
phantom-deps phantom-dep:@babel/core AI (phantom-deps): Babel preset convention; @babel/core loaded by framework, not direct import. ai
phantom-deps phantom-dep:@babel/runtime AI (phantom-deps): Babel runtime loaded by convention in preset; stable for this package. ai
phantom-deps phantom-dep:@babel/runtime-corejs3 AI (phantom-deps): Babel runtime variant loaded by convention; stable for this package. ai

Versions (showing 26 of 26)

Version Deps Published
27.6.2 25 / 0
27.6.1 25 / 0
27.6.0 25 / 0
27.5.4 25 / 0
27.5.3 25 / 0
27.5.2 25 / 0
27.5.1 25 / 0
27.5.0 25 / 0
27.4.2 25 / 0
27.4.1 25 / 0
27.4.0 25 / 0
27.3.0 25 / 0
27.2.0 25 / 0
27.1.0 25 / 0
27.0.0 25 / 0
26.1.0 25 / 0
26.0.2 25 / 0
26.0.1 25 / 0
26.0.0 25 / 0
25.2.0 26 / 0
25.1.0 27 / 0
25.0.0 27 / 0
24.13.0 27 / 0
24.12.0 27 / 0
24.11.0 26 / 0
24.10.0 26 / 0

v27.6.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v27.6.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v27.6.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v27.5.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v27.5.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v27.5.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v27.5.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v27.5.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v27.4.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v27.4.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v27.3.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v27.2.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v27.1.0

2 findings
HIGH Publisher changed: commercetools-admin → GitHub Actions (on 2026-03-23) provenance

This version was published by a different npm account than previous versions on 2026-03-23. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v27.0.0

2 findings
HIGH Publisher changed: commercetools-admin → GitHub Actions (on 2026-03-11) provenance

This version was published by a different npm account than previous versions on 2026-03-11. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v26.1.0

2 findings
HIGH Publisher changed: commercetools-admin → GitHub Actions (on 2026-02-25) provenance

This version was published by a different npm account than previous versions on 2026-02-25. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v26.0.2

2 findings
HIGH Publisher changed: commercetools-admin → GitHub Actions (on 2026-02-23) provenance

This version was published by a different npm account than previous versions on 2026-02-23. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v26.0.1

2 findings
HIGH Publisher changed: commercetools-admin → GitHub Actions (on 2026-02-19) provenance

This version was published by a different npm account than previous versions on 2026-02-19. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v26.0.0

2 findings
HIGH Publisher changed: commercetools-admin → GitHub Actions (on 2026-02-11) provenance

This version was published by a different npm account than previous versions on 2026-02-11. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v25.2.0

2 findings
HIGH Publisher changed: commercetools-admin → GitHub Actions (on 2026-02-04) provenance

This version was published by a different npm account than previous versions on 2026-02-04. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v25.1.0

2 findings
HIGH Publisher changed: commercetools-admin → GitHub Actions (on 2026-01-13) provenance

This version was published by a different npm account than previous versions on 2026-01-13. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v25.0.0

2 findings
HIGH Publisher changed: commercetools-admin → GitHub Actions (on 2026-01-08) provenance

This version was published by a different npm account than previous versions on 2026-01-08. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v24.13.0

2 findings
HIGH Publisher changed: commercetools-admin → GitHub Actions (on 2025-12-15) provenance

This version was published by a different npm account than previous versions on 2025-12-15. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v24.12.0

2 findings
HIGH Publisher changed: commercetools-admin → GitHub Actions (on 2025-12-09) provenance

This version was published by a different npm account than previous versions on 2025-12-09. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v24.11.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v24.10.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.