@nx/js — Greenflagged

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

nrwlownernrwl-jasonjack-nrwlmaxklessjameshenry

Keywords

MonorepoWebNodeSwcTscCLIFront-endBackend

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
typosquat	typosquat.levenshtein:joi	AI (typosquat): Scoped Nx package; no impersonation of joi.	ai	2026/04/29
typosquat	typosquat.levenshtein:ajv	AI (typosquat): Scoped Nx package; no impersonation of ajv.	ai	2026/04/29
typosquat	typosquat.levenshtein:qs	AI (typosquat): @nx/js is a scoped Nx package, not a typosquat of 'qs'; Levenshtein match is a false positive.	ai	2026/04/29
typosquat	typosquat.levenshtein:jest	AI (typosquat): Scoped Nx package; no impersonation of jest.	ai	2026/04/29
typosquat	typosquat.levenshtein:pg	AI (typosquat): Scoped Nx package; no impersonation of pg.	ai	2026/04/29
typosquat	typosquat.levenshtein:rxjs	AI (typosquat): Scoped Nx package; no impersonation of rxjs.	ai	2026/04/29
semgrep	semgrep:env-spread	AI (semgrep): Node executor passing process.env to child processes is standard and expected for a build tool.	ai	2026/04/29
semgrep	semgrep:child-process-import	AI (semgrep): kill-tree utility legitimately uses child_process; expected in a Node executor framework.	ai	2026/04/29
semgrep	semgrep:new-function-constructor	AI (semgrep): Used to create a dynamic ESM import helper to avoid TS transformation; well-known pattern, not arbitrary code execution.	ai	2026/04/29
semgrep	semgrep:dynamic-require	AI (semgrep): Loading user-specified TypeScript transformer plugins by resolved path; expected plugin-loader pattern for a build tool.	ai	2026/04/29
phantom-deps	phantom-dep:@babel/core	AI (phantom-deps): @babel/core is a declared dependency in package.json; phantom-dep heuristic false positive.	ai	2026/04/29

Versions (showing 51 of 51)

Version	Deps	Published
22.7.5	26 / 1	2026-05-27
22.7.4	26 / 1	2026-05-25
22.7.3	26 / 1	2026-05-22
22.7.2	26 / 1	2026-05-14
22.7.1	26 / 1	2026-04-28
22.7.0	26 / 1	2026-04-24
22.6.5	26 / 1	2026-04-10
22.6.4	26 / 1	2026-04-01
22.6.3	26 / 1	2026-03-27
22.6.2	26 / 1	2026-03-26
22.6.1	26 / 1	2026-03-20
22.6.0	26 / 1	2026-03-18
22.5.4	26 / 1	2026-03-04
22.5.3	26 / 1	2026-02-26
22.5.2	26 / 1	2026-02-20
22.5.1	26 / 1	2026-02-13
22.5.0	26 / 1	2026-02-09
22.4.5	26 / 1	2026-02-03
22.4.4	26 / 1	2026-01-30
22.4.3	26 / 1	2026-01-29
22.4.2	26 / 1	2026-01-26
22.4.1	26 / 1	2026-01-22
22.4.0	26 / 1	2026-01-21
22.3.3	26 / 1	2025-12-19
22.3.2	26 / 1	2025-12-19
22.3.1	26 / 1	2025-12-18
22.3.0	26 / 1	2025-12-17
22.2.7	26 / 1	2025-12-16
22.2.6	26 / 1	2025-12-16
22.2.5	26 / 1	2025-12-16
22.2.4	26 / 1	2025-12-15
22.2.3	26 / 1	2025-12-12
22.2.2	26 / 1	2025-12-12
22.2.1	26 / 1	2025-12-11
22.2.0	26 / 1	2025-12-08
22.1.3	26 / 1	2025-11-27
22.1.2	26 / 1	2025-11-26
22.1.1	26 / 1	2025-11-22
22.1.0	26 / 1	2025-11-19
22.0.4	26 / 1	2025-11-17
22.0.3	26 / 1	2025-11-10
22.0.2	26 / 1	2025-10-28
22.0.1	26 / 1	2025-10-22
22.0.0	26 / 1	2025-10-22
21.6.11	29 / 1	2026-04-17
21.6.10	29 / 1	2025-11-27
21.6.9	29 / 1	2025-11-18
21.6.8	29 / 1	2025-10-30
21.3.12	29 / 0	2026-02-11
20.8.4	29 / 0	2026-01-12
20.8.3	29 / 0	2025-11-21