@llamaindex/liteparse — Greenflagged

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

emanuelclferreirapreston-runllamayongparkzhaotaicle-does-thingscheesyfishesdisiokadrianlyjak

Keywords

pdfparserocrtext-extractionpdf-to-textdocument-parsing

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
npm-metadata	bundled-binaries	AI (npm-metadata): Package is a napi-rs native module; bundling .node and .so is the expected distribution pattern for this package.	ai	2026/06/10
source-diff	source-size-dropped	AI (source-diff): Major rewrite from JS to Rust/NAPI; JS source replaced by native binary — size drop is expected and explained.	ai	2026/06/10
phantom-deps	phantom-dep:zod	AI (phantom-deps): zod is a declared runtime dep used for schema validation; phantom-dep heuristic misfires here.	ai	2026/05/14
phantom-deps	phantom-dep:unified	AI (phantom-deps): unified is a declared runtime dep for document processing; phantom-dep heuristic misfires here.	ai	2026/05/14

Versions (showing 16 of 16)

Version	Deps	Published
2.0.8	1 / 3	2026-06-11
2.0.7	1 / 3	2026-06-08
2.0.5	1 / 3	2026-06-02
2.0.4	1 / 3	2026-05-30
2.0.3	1 / 3	2026-05-28
2.0.1	1 / 3	2026-05-27
2.0.0	1 / 3	2026-05-25
1.5.3	10 / 13	2026-04-29
1.5.2	10 / 13	2026-04-20
1.5.1	10 / 13	2026-04-17
1.5.0	10 / 13	2026-04-13
1.4.6	10 / 13	2026-04-06
1.4.5	10 / 13	2026-04-06
1.4.4	10 / 13	2026-04-02
1.4.3	10 / 13	2026-04-01
1.4.2	10 / 13	2026-03-30

v2.0.8

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.7

2 findings

HIGH Bundled binary files (2) npm-metadata

Package contains compiled binaries that could be backdoors: • liteparse.linux-x64-gnu.node • libpdfium.so

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.5

2 findings

HIGH Bundled binary files (2) npm-metadata

Package contains compiled binaries that could be backdoors: • liteparse.linux-x64-gnu.node • libpdfium.so

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.4

2 findings

HIGH Bundled binary files (2) npm-metadata

Package contains compiled binaries that could be backdoors: • liteparse.linux-x64-gnu.node • libpdfium.so

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.3

2 findings

HIGH Bundled binary files (2) npm-metadata

Package contains compiled binaries that could be backdoors: • liteparse.linux-x64-gnu.node • libpdfium.so

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.1

2 findings

HIGH Bundled binary files (2) npm-metadata

Package contains compiled binaries that could be backdoors: • liteparse.linux-x64-gnu.node • libpdfium.so

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.0

2 findings

HIGH Bundled binary files (2) npm-metadata

Package contains compiled binaries that could be backdoors: • liteparse.linux-x64-gnu.node • libpdfium.so

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.