@ngx-translate/core
Translation library (i18n) for Angular
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:tslib | AI (phantom-deps): tslib is a declared dep consumed implicitly by TypeScript-compiled output; stable FP. | ai | |
| source-diff | obfuscated-file:dist/esm2022/public-api.mjs | AI (source-diff): Standard Angular ESM2022 compiled output with long decorator metadata lines; not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/esm2022/lib/translate.directive.mjs | AI (source-diff): Standard Angular ESM2022 compiled output; readable code with long ɵɵ decorator lines. | ai | |
| source-diff | obfuscated-file:dist/esm2022/lib/translate.parser.mjs | AI (source-diff): Standard Angular ESM2022 compiled output; readable code with long ɵɵ decorator lines. | ai | |
| source-diff | obfuscated-file:dist/esm2022/lib/translate.service.mjs | AI (source-diff): Standard Angular ESM2022 compiled output; readable code with long ɵɵ decorator lines. | ai | |
| source-diff | obfuscated-file:dist/esm2022/lib/translate.pipe.mjs | AI (source-diff): Standard Angular ESM2022 compiled output; readable code with long ɵɵ decorator lines. | ai | |
| source-diff | obfuscated-file:dist/esm2022/lib/util.mjs | AI (source-diff): Standard Angular ESM2022 compiled output; readable utility functions with long decorator lines. | ai | |
| source-diff | obfuscated-file:esm2020/lib/translate.service.mjs | AI (source-diff): Angular compiler output with long decorator metadata lines; clearly readable source code. Stable FP for this package. | ai | |
| source-diff | obfuscated-file:esm2020/public_api.mjs | AI (source-diff): Angular compiler (ngc) output produces long lines from decorator metadata; readable source, not obfuscated. Stable FP for Angular libraries. | ai | |
| source-diff | obfuscated-file:esm2020/lib/translate.directive.mjs | AI (source-diff): Angular compiler output with long decorator metadata lines; clearly readable source code. Stable FP for this package. | ai | |
| source-diff | obfuscated-file:esm2020/lib/translate.parser.mjs | AI (source-diff): Angular compiler output with long decorator metadata lines; clearly readable source code. Stable FP for this package. | ai | |
| source-diff | obfuscated-file:esm2020/lib/translate.pipe.mjs | AI (source-diff): Angular compiler output with long decorator metadata lines; clearly readable source code. Stable FP for this package. | ai | |
| source-diff | obfuscated-file:esm2020/lib/util.mjs | AI (source-diff): Angular compiler output with long lines; clearly readable utility functions. Stable FP for this package. | ai | |
| source-diff | obfuscated-file:fesm5/ngx-translate-core.js | AI (source-diff): Flat ESM bundle from Angular Package Format, not obfuscated. | ai | |
| source-diff | large-new-source-files | AI (source-diff): Major version bump adopted Angular Package Format v6, adding esm5/esm2015/fesm directories. Expected. | ai | |
| source-diff | source-size-tripled | AI (source-diff): Size increase from adopting Angular Package Format v6 with multiple module targets. Expected for this package. | ai | |
| source-diff | obfuscated-file:esm2015/lib/translate.service.js | AI (source-diff): Standard tsickle-compiled Angular library output, not obfuscated. | ai | |
| source-diff | obfuscated-file:esm2015/lib/translate.directive.js | AI (source-diff): Standard tsickle-compiled Angular library output, not obfuscated. Long lines are normal APF artifact. | ai | |
| source-diff | obfuscated-file:esm2015/lib/translate.parser.js | AI (source-diff): Standard tsickle-compiled Angular library output, not obfuscated. | ai | |
| source-diff | obfuscated-file:esm2015/lib/translate.pipe.js | AI (source-diff): Standard tsickle-compiled Angular library output, not obfuscated. | ai | |
| source-diff | obfuscated-file:esm2015/lib/util.js | AI (source-diff): Standard tsickle-compiled Angular library output, not obfuscated. | ai | |
| source-diff | obfuscated-file:esm2015/public_api.js | AI (source-diff): Standard tsickle-compiled Angular library output, not obfuscated. | ai | |
| source-diff | obfuscated-file:esm5/lib/translate.directive.js | AI (source-diff): Standard tsickle-compiled Angular library output (ES5 target), not obfuscated. | ai | |
| source-diff | obfuscated-file:esm5/lib/translate.parser.js | AI (source-diff): Standard tsickle-compiled Angular library output (ES5 target), not obfuscated. | ai | |
| source-diff | obfuscated-file:esm5/lib/translate.pipe.js | AI (source-diff): Standard tsickle-compiled Angular library output (ES5 target), not obfuscated. | ai | |
| source-diff | obfuscated-file:esm5/lib/translate.service.js | AI (source-diff): Standard tsickle-compiled Angular library output (ES5 target), not obfuscated. | ai | |
| source-diff | obfuscated-file:esm5/lib/util.js | AI (source-diff): Standard tsickle-compiled Angular library output (ES5 target), not obfuscated. | ai | |
| source-diff | obfuscated-file:esm5/public_api.js | AI (source-diff): Standard tsickle-compiled Angular library output (ES5 target), not obfuscated. | ai | |
| source-diff | obfuscated-file:fesm2015/ngx-translate-core.js | AI (source-diff): Flat ESM bundle from Angular Package Format, not obfuscated. | ai | |
| provenance | no-provenance | AI (provenance): Package predates Sigstore provenance adoption; established maintainer with clean history. | ai | |
| typosquat | typosquat.levenshtein:cors | AI (typosquat): False positive: @ngx-translate/core is a legitimate scoped Angular i18n library with no relation to 'cors'. The levenshtein match is purely mechanical and not indicative of impersonation. | ai |
Versions (showing 31 of 31)
| Version | Deps | Published |
|---|---|---|
| 18.0.0 | 1 / 0 | |
| 17.0.0 | 1 / 0 | |
| 16.0.4 | 1 / 0 | |
| 16.0.3 | 1 / 0 | |
| 16.0.1 | 1 / 0 | |
| 16.0.0 | 1 / 0 | |
| 15.0.0 | 0 / 6 | |
| 14.0.0 | 1 / 0 | |
| 13.0.0 | 1 / 0 | |
| 12.1.2 | 0 / 0 | |
| 12.1.1 | 1 / 0 | |
| 12.1.0 | 1 / 0 | |
| 12.0.0 | 1 / 1 | |
| 11.0.1 | 1 / 1 | |
| 11.0.0 | 1 / 1 | |
| 10.0.2 | 1 / 1 | |
| 10.0.1 | 1 / 1 | |
| 10.0.0 | 1 / 1 | |
| 9.1.1 | 0 / 1 | |
| 9.1.0 | 0 / 1 | |
| 9.0.2 | 0 / 1 | |
| 9.0.1 | 0 / 1 | |
| 9.0.0 | 0 / 1 | |
| 8.0.0 | 0 / 40 | |
| 7.2.2 | 0 / 40 | |
| 7.2.1 | 0 / 40 | |
| 7.2.0 | 0 / 40 | |
| 7.1.0 | 0 / 40 | |
| 7.0.0 | 0 / 40 | |
| 6.0.1 | 0 / 40 | |
| 6.0.0 | 0 / 39 |
v18.0.0
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: andreasloew.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v16.0.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v16.0.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v16.0.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v16.0.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v15.0.0
8 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: ocombe.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v14.0.0
8 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: ocombe.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v13.0.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.1.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.1.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.1.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v12.0.0
13 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.0.1
15 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v11.0.0
15 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.0.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.0.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v10.0.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v9.1.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v9.1.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v9.0.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v9.0.1
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: ocombe.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v9.0.0
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: ocombe.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v8.0.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.2.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.2.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.2.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.1.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.0.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.0.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v6.0.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.