@langchain/textsplitters

Various implementations of LangChain.js text splitters

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

hwchase17jacoblee93basprouleric_langchainandrewnguonlynfcamposdavidduongmaddyadamssam_noyeshntrlchristian-bromann

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): hntrl is a known LangChain org contributor with strong track record; package.json still references official langchain-ai GitHub org. Legitimate maintainer transition.	ai	2026/04/23
maintainer-change	maintainer-added	AI (maintainer-change): New maintainers (eric_langchain, hntrl, christian-bromann) are consistent with LangChain org team rotation; package metadata still points to official repo.	ai	2026/04/23
maintainer-change	maintainer-removed	AI (maintainer-change): Removal of vbarda and sullivan-sean is consistent with an org-level maintainer rotation, not a hostile takeover. Official repo URL unchanged.	ai	2026/04/23
npm-metadata	suspicious-initial-version	AI (npm-metadata): 0.0.0 is the established initial version pattern for @langchain/* monorepo packages published by the official LangChain team; not indicative of malicious intent.	ai	2026/04/22
dependencies	unvetted-dep:js-tiktoken	AI (dependencies): js-tiktoken is a standard tokenizer library expected in LangChain text splitting packages; stable legitimate dependency for this package.	ai	2026/04/21

Show 1 prerelease

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.