@bazel/runfiles Apache-2.0 45 versions

@bazel/runfiles

npm Repository Homepage

Node.js runfiles helpers for Bazel

45

Versions

Apache-2.0

License

No

Install Scripts

Missing

Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

google-wombotalexeaglebazel-managergmags

Keywords

bazelrunfilesrunfiles helpers

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
semgrep	semgrep:dynamic-require	AI (semgrep): Dynamic require in runfiles.js is the documented Bazel runfiles patch mechanism, loading a path derived from Bazel environment variables. This is intentional and stable for this package.	ai	2026/04/21
bogus-package	bogus-package	AI (bogus-package): No npm deps is expected for a Bazel integration utility; sparse README is a documentation style choice, not a spam indicator for this established package.	ai	2026/04/21

Versions (showing 45 of 45)

Version	Deps	Published
6.5.0	0 / 0	2025-09-12
6.3.1	0 / 0	2024-10-13
6.3.0	0 / 0	2024-09-18
5.8.1	0 / 0	2023-02-16
5.7.3	0 / 0	2022-12-09
5.7.2	0 / 0	2022-11-27
5.7.1	0 / 0	2022-10-26
5.7.0	0 / 0	2022-10-06
5.6.0	0 / 0	2022-09-27
5.5.4	0 / 0	2022-09-10
5.5.3	0 / 0	2022-08-01
5.5.2	0 / 0	2022-07-10
5.5.1	0 / 0	2022-06-24
5.5.0	0 / 0	2022-05-18
5.4.2	0 / 0	2022-04-29
5.4.1	0 / 0	2022-04-25
5.4.0	0 / 0	2022-04-06
5.3.1	0 / 0	2022-03-29
5.3.0	0 / 0	2022-03-20
5.2.0	0 / 0	2022-03-01
5.1.0	0 / 0	2022-02-02
5.0.2	0 / 0	2022-01-27
5.0.1	0 / 0	2022-01-24
5.0.0	0 / 0	2022-01-20
4.6.2	0 / 0	2022-02-15
4.6.1	0 / 0	2022-01-13
4.6.0	0 / 0	2022-01-06
4.5.0	0 / 0	2021-12-16
4.4.6	0 / 0	2021-11-23
4.4.5	0 / 0	2021-11-11
4.4.2	0 / 0	2021-10-28
4.4.0	0 / 0	2021-10-11
4.3.0	0 / 0	2021-09-28
4.2.0	0 / 0	2021-09-17
4.1.0	0 / 0	2021-09-10
4.0.0	0 / 0	2021-08-24
3.8.0	0 / 0	2021-08-12
3.7.0	0 / 0	2021-07-02
3.6.0	0 / 0	2021-06-09
3.5.1	0 / 0	2021-05-25
3.5.0	0 / 0	2021-05-11
3.4.2	0 / 0	2021-04-28
3.4.1	0 / 0	2021-04-22
3.4.0	0 / 0	2021-04-14
3.3.0	0 / 0	2021-04-08

v4.6.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.6.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.5.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.4.6

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.4.5

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.4.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.4.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.3.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.2.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.1.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.8.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.7.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.6.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.5.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.5.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.4.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.4.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.4.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.3.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.