pretty-format — Greenflagged

Stringify any JavaScript value.

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

aaronabramovsimenbrickhanloniiopenjs-operationscpojer

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	net-exec-file:build-es5/index.js	AI (source-diff): build-es5/index.js is the documented browser entry point — a UMD bundle with core-js polyfills. The 'network+exec' pattern is the standard global-detection idiom (Function('return this')()) in polyfill code, not malware.	ai	2026/04/21
provenance	missing-githead	AI (provenance): pretty-format is a long-established Jest package; missing gitHead reflects a publish environment change, not a security concern. Stable false positive for this package.	ai	2026/04/21
phantom-deps	phantom-dep:@jest/types	AI (phantom-deps): Framework-scoped Jest package loaded by convention; phantom status is expected and benign.	ai	2026/04/21
source-diff	source-size-tripled	AI (source-diff): Legitimate growth from v22 to v24; consistent with feature additions and build artifacts.	ai	2026/04/21
dependencies	unvetted-dep:@jest/types	AI (dependencies): @jest/types is a core Jest package; unvetted status is expected for internal monorepo dependencies.	ai	2026/04/21
source-diff	large-new-source-files	AI (source-diff): Expected growth for a two-version bump with feature additions; no evidence of injected code.	ai	2026/04/21
maintainer-change	maintainer-takeover	AI (maintainer-change): The maintainer transition reflects the well-documented handoff of the Jest project to the Facebook/Meta team. The new maintainers (simenb, aaronabramov, fb, etc.) are the official Jest maintainers at Facebook. This is not a hijack.	ai	2026/04/21
provenance	no-provenance	AI (provenance): Provenance absence is expected for packages predating Sigstore adoption; not a security risk.	ai	2026/04/21
provenance	publisher-changed	AI (provenance): Publisher change reflects documented Jest maintainer transition in 2020; stable for this package.	ai	2026/04/21
maintainer-change	maintainer-added	AI (maintainer-change): Maintainer additions are part of documented Jest project transition; stable for this package.	ai	2026/04/21
maintainer-change	maintainer-removed	AI (maintainer-change): Maintainer removal is part of documented Jest project transition; stable for this package.	ai	2026/04/21
publish-pattern	new-deps-added	AI (publish-pattern): New dependencies are all established packages appropriate for a formatting utility.	ai	2026/04/21
semgrep	semgrep:new-function-constructor	AI (semgrep): new Function() is in a performance test with explicit eslint-disable; legitimate test case, not code execution risk.	ai	2026/04/21
dependencies	unvetted-dep:@jest/schemas	AI (dependencies): @jest/schemas is a first-party Jest monorepo package versioned in lockstep with pretty-format; not a suspicious third-party dependency.	ai	2026/04/21

Versions (showing 51 of 131)

Show 5 prereleases View all versions

Version	Deps	Published
30.3.0	3 / 8	2026-03-10
30.2.0	3 / 8	2025-09-28
30.0.5	3 / 8	2025-07-22
30.0.2	3 / 8	2025-06-19
30.0.1	3 / 8	2025-06-18
30.0.0	3 / 8	2025-06-10
29.7.0	3 / 8	2023-09-12
29.6.3	3 / 8	2023-08-21
29.6.2	3 / 8	2023-07-27
29.6.1	3 / 8	2023-07-06
29.6.0	3 / 8	2023-07-04
29.5.0	3 / 8	2023-03-06
29.4.3	3 / 8	2023-02-15
29.4.2	3 / 8	2023-02-07
29.4.1	3 / 8	2023-01-26
29.4.0	3 / 8	2023-01-24
29.3.1	3 / 8	2022-11-08
29.2.1	3 / 8	2022-10-18
29.2.0	3 / 8	2022-10-14
29.1.2	3 / 8	2022-09-30
29.1.0	3 / 8	2022-09-28
29.0.3	3 / 9	2022-09-10
29.0.2	3 / 9	2022-09-03
29.0.1	3 / 9	2022-08-26
29.0.0	3 / 9	2022-08-25
28.1.3	4 / 9	2022-07-13
28.1.1	4 / 9	2022-06-07
28.1.0	4 / 9	2022-05-06
28.0.2	4 / 9	2022-04-27
28.0.1	4 / 9	2022-04-26
28.0.0	4 / 9	2022-04-25
27.5.1	3 / 8	2022-02-08
27.5.0	3 / 8	2022-02-05
27.4.6	3 / 8	2022-01-04
27.4.2	4 / 8	2021-11-30
27.4.1	4 / 8	2021-11-30
27.4.0	4 / 8	2021-11-29
27.3.1	4 / 8	2021-10-19
27.3.0	4 / 8	2021-10-17
27.2.5	4 / 8	2021-10-08
27.2.4	4 / 8	2021-09-29
27.2.3	4 / 8	2021-09-28
27.2.2	4 / 8	2021-09-25
27.2.0	4 / 8	2021-09-13
27.1.1	4 / 8	2021-09-08
27.1.0	4 / 8	2021-08-27
27.0.6	4 / 8	2021-06-28
27.0.2	4 / 8	2021-05-29
27.0.1	4 / 8	2021-05-25
27.0.0	4 / 8	2021-05-25
26.6.2	4 / 8	2020-11-02