@datadog/native-appsec
Node.js bindings for libddwaf
Supply chain provenance
Status for the latest visible version.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| install-scripts | install-script:install | AI (install-scripts): Install script is a no-op 'exit 0'; prebuilts are bundled directly, no arbitrary code execution. | ai | |
| npm-metadata | bundled-binaries | AI (npm-metadata): Prebuilt .node and .so files are the documented native binaries for this Datadog libddwaf binding, published with SLSA provenance. | ai | |
v11.0.1
3 findings
Script: exit 0
Package contains compiled binaries that could be backdoors:
• prebuilds/darwin-arm64/node-napi.node
• prebuilds/darwin-x64/node-napi.node
• prebuilds/linuxglibc-arm64/node-napi.node
• prebuilds/linuxglibc-x64/node-napi.node
• prebuilds/linuxmusl-arm64/node-napi.node
• prebuilds/linuxmusl-x64/node-napi.node
• prebuilds/win32-ia32/node-napi.node
• prebuilds/win32-x64/node-napi.node
• prebuilds/linuxglibc-arm64/libddwaf.so
• prebuilds/linuxglibc-x64/libddwaf.so
... and 2 more
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.5.2
3 findings
Script: exit 0
Package contains compiled binaries that could be backdoors:
• prebuilds/darwin-arm64/node-napi.node
• prebuilds/darwin-x64/node-napi.node
• prebuilds/linuxglibc-arm64/node-napi.node
• prebuilds/linuxglibc-x64/node-napi.node
• prebuilds/linuxmusl-arm64/node-napi.node
• prebuilds/linuxmusl-x64/node-napi.node
• prebuilds/win32-ia32/node-napi.node
• prebuilds/win32-x64/node-napi.node
• prebuilds/linuxglibc-arm64/libddwaf.so
• prebuilds/linuxglibc-x64/libddwaf.so
... and 2 more
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.