Jest

registry: npm
package name: jest
maintainer: Meta

Jest is the most widely used JavaScript test runner, used for unit and integration testing in React, Node.js, and TypeScript projects. It runs test files in a sandboxed Node.js environment and is a standard part of CI/CD pipelines. Jest transform plugins can execute code during test file loading.

api usage

Checking Jest

jest 29.7.0 is a clean version with no known supply chain compromise. The response returns compromised: false with an empty sources array.

```bash
curl "https://api.attestd.io/v1/check?product=jest&version=29.7.0" \
  -H "Authorization: Bearer YOUR_API_KEY"
```

```json
{
  "product": "jest",
  "version": "29.7.0",
  "supported": true,
  "risk_state": "none",
  "supply_chain": {
    "compromised": false,
    "sources": [],
    "malware_type": null,
    "description": null,
    "advisory_url": null,
    "compromised_at": null,
    "removed_at": null
  },
  "last_updated": "2026-05-01T00:00:00Z"
}
```

attack surface

Why this package is monitored

Test runner packages execute in CI/CD environments that have access to deployment credentials, cloud provider tokens, and environment secrets. A compromised Jest version or transformer can read and exfiltrate environment variables during any test run.

Attestd monitors jest using the following detection sources:

registry

Manually curated advisories in the Attestd registry, verified by a human analyst. Confidence 1.0.

osv

OSV.dev malicious-package advisories with IDs prefixed MAL-. Confidence 0.95.

npm_deprecation

npm package versions with deprecation messages containing targeted attack language such as malicious, backdoor, or compromised. Confidence 0.80.
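
As an added example (not Attestd's own client code), a CI gate can interpret the check response shown above and weight a flagged result by the confidence listed for each detection source. It assumes a non-empty `sources` array holds source names as strings; the function names, the `blockAt` threshold and the `example-pkg` sample are hypothetical.

```javascript
// Added example, not Attestd's client code. Confidence values are the ones
// this page lists for each detection source.
const SOURCE_CONFIDENCE = new Map([
  ["registry", 1.0],
  ["osv", 0.95],
  ["npm_deprecation", 0.8],
]);

function checkUrl(product, version) {
  const query = new URLSearchParams({ product, version });
  return `https://api.attestd.io/v1/check?${query}`;
}

// Assumption: a non-empty `sources` array holds source names as strings
// (the page only shows the empty array).
function evaluate(body, pinned, blockAt = 0.9) {
  const sc = body && body.supply_chain;
  // Fail closed: a malformed or mismatched answer never allows the build.
  if (!sc || typeof sc.compromised !== "boolean" || !Array.isArray(sc.sources)) {
    return { action: "review", reason: "malformed response" };
  }
  if (body.product !== pinned.product || body.version !== pinned.version) {
    return { action: "review", reason: "answer is for a different package version" };
  }
  if (!sc.compromised) return { action: "allow", reason: "no known compromise" };
  // Unknown source names count as 0, so they land in "review", never "allow".
  const confidence = Math.max(0, ...sc.sources.map((s) => SOURCE_CONFIDENCE.get(s) ?? 0));
  const action = confidence >= blockAt ? "block" : "review";
  return { action, confidence, reason: sc.description || "flagged as compromised" };
}

// Network wrapper for CI use (Node 18+ global fetch); not called here.
async function checkPackage(product, version, apiKey) {
  const res = await fetch(checkUrl(product, version), {
    headers: { Authorization: `Bearer ${apiKey}` },
  });
  if (!res.ok) return { action: "review", reason: `HTTP ${res.status}` };
  return evaluate(await res.json(), { product, version });
}

// Constructed samples: CLEAN mirrors the response above; flagged() is invented.
const PINNED = { product: "jest", version: "29.7.0" };
const CLEAN = { ...PINNED, supply_chain: { compromised: false, sources: [] } };
const EXAMPLE = { product: "example-pkg", version: "0.0.0" };
const flagged = (sources) => ({ ...EXAMPLE, supply_chain: { compromised: true, sources, description: null } });

console.log(evaluate(CLEAN, PINNED).action, evaluate(flagged(["osv"]), EXAMPLE).action);
```

In a pipeline, treat anything other than `allow` as a non-zero exit before `npm ci` runs, so install scripts and transformers never execute with CI secrets in scope.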
