@xenova/transformers — Greenflagged

State-of-the-art Machine Learning for the web. Run 🤗 Transformers directly in your browser, with no need for a server!

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

xenova

Keywords

transformerstransformers.jshuggingfacehugging facemachine learningdeep learningartificial intelligenceAIML

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
publish-pattern	new-deps-added	AI (publish-pattern): New deps (jimp, onnxruntime-node) are established packages aligned with transformers.js functionality; no suspicious patterns.	ai	2026/04/22
dependencies	unvetted-dep:jimp	AI (dependencies): jimp is a standard image processing library; reasonable addition for transformers image handling.	ai	2026/04/22
semgrep	semgrep:base64-decode	AI (semgrep): Base64 decoding is legitimate image data processing in transformers pipeline, not payload obfuscation.	ai	2026/04/22
dependencies	unvetted-dep:onnxruntime-node	AI (dependencies): onnxruntime-node is Microsoft's official ONNX Runtime Node.js binding, expected and appropriate for an ML inference library like transformers.js. Listed as optional dep, browser-excluded.	ai	2026/04/22
dependencies	unvetted-dep:sharp	AI (dependencies): sharp is a canonical image processing library; its use in transformers.js is legitimate and expected for ML workflows.	ai	2026/04/21
dependencies	unvetted-dep:onnxruntime-web	AI (dependencies): onnxruntime-web is Microsoft's official ONNX Runtime for browser inference — the core inference engine for transformers.js. Its use is fundamental and expected.	ai	2026/04/21
provenance	no-provenance	AI (provenance): Established package with clean history; provenance absence is acceptable for this publisher's track record.	ai	2026/04/21

Versions (showing 51 of 70)

View all versions

Version	Deps	Published
2.17.2	3 / 11	2024-05-29
2.17.1	3 / 11	2024-04-18
2.17.0	3 / 11	2024-04-11
2.16.1	3 / 11	2024-03-20
2.16.0	3 / 11	2024-03-07
2.15.1	3 / 11	2024-02-21
2.15.0	3 / 11	2024-02-06
2.14.2	3 / 11	2024-01-29
2.14.1	3 / 11	2024-01-25
2.14.0	3 / 11	2024-01-10
2.13.4	3 / 11	2024-01-04
2.13.3	3 / 11	2024-01-04
2.13.2	3 / 11	2024-01-03
2.13.1	3 / 11	2024-01-03
2.13.0	3 / 11	2023-12-27
2.12.1	3 / 11	2023-12-18
2.12.0	2 / 11	2023-12-18
2.11.0	2 / 11	2023-12-13
2.10.1	2 / 11	2023-12-06
2.10.0	2 / 11	2023-12-05
2.9.0	2 / 11	2023-11-21
2.8.0	2 / 11	2023-11-09
2.7.0	2 / 11	2023-10-23
2.6.2	2 / 11	2023-09-27
2.6.1	2 / 11	2023-09-18
2.6.0	2 / 11	2023-09-08
2.5.4	3 / 11	2023-08-28
2.5.3	3 / 11	2023-08-22
2.5.2	3 / 11	2023-08-14
2.5.1	3 / 11	2023-08-09
2.5.0	3 / 11	2023-08-01
2.4.4	3 / 11	2023-07-28
2.4.3	3 / 11	2023-07-27
2.4.2	3 / 11	2023-07-22
2.4.1	3 / 11	2023-07-11
2.4.0	3 / 11	2023-07-09
2.3.1	3 / 11	2023-07-01
2.3.0	3 / 11	2023-06-22
2.2.0	3 / 10	2023-06-09
2.1.1	3 / 10	2023-06-02
2.1.0	3 / 10	2023-06-01
2.0.2	3 / 10	2023-05-29
2.0.1	3 / 10	2023-05-20
2.0.0	3 / 10	2023-05-17
1.4.3	3 / 5	2023-04-22
1.4.2	3 / 5	2023-04-11
1.4.1	3 / 5	2023-04-06
1.4.0	3 / 5	2023-04-04
1.3.5	3 / 4	2023-03-29
1.3.4	3 / 4	2023-03-23
1.3.3	3 / 4	2023-03-23