@napi-rs/snappy-linux-x64-gnu

Fastest Snappy compression library in Node.js

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

broooooklynforehalo

Keywords

snappysnapcompressioncompressnapi-rsNAPIN-APIRustNode-APInode-addonnode-addon-api

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Publisher changed to GitHub Actions as part of CI/CD automation with SLSA provenance. This is a supply chain hardening measure, not a compromise signal, for this package.	ai	2026/04/24
provenance	slsa-provenance	AI (provenance): Package has SLSA provenance attestation via Sigstore; CI/CD publishing is the intended model for this napi-rs platform binary package.	ai	2026/04/24
publish-pattern	dormant-publish	AI (publish-pattern): Platform-specific binary shards of napi-rs packages are only republished when the parent package releases; long dormancy is expected and not a takeover indicator here.	ai	2026/04/24
npm-metadata	bundled-binaries	AI (npm-metadata): This package's sole purpose is to ship a precompiled napi-rs .node binary for Linux x64 GNU. Bundled binary is expected and intentional for this platform-specific sub-package.	ai	2026/04/24
bogus-package	bogus-package	AI (bogus-package): Platform-specific napi-rs binary sub-packages have no deps and minimal READMEs by design; these signals are structural false positives for this package type.	ai	2026/04/24

Versions (showing 16 of 16)

Version	Deps	Published
7.3.3	0 / 0	2025-09-11
7.3.2	0 / 0	2025-08-16
7.3.1	0 / 0	2025-08-04
7.3.0	0 / 0	2025-07-15
7.2.2	0 / 0	2022-11-13
7.2.1	0 / 0	2022-10-23
7.2.0	0 / 0	2022-10-05
7.1.2	0 / 0	2022-08-09
7.1.1	0 / 0	2021-12-22
7.1.0	0 / 0	2021-12-22
7.0.5	0 / 0	2021-11-06
7.0.4	0 / 0	2021-10-28
7.0.3	0 / 0	2021-08-27
7.0.2	0 / 0	2021-08-11
7.0.1	0 / 0	2021-08-04
7.0.0	0 / 0	2021-08-04

v7.3.3

2 findings

HIGH Bundled binary files (1) npm-metadata

Package contains compiled binaries that could be backdoors: • snappy.linux-x64-gnu.node

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.3.2

2 findings

HIGH Publisher changed: broooooklyn → GitHub Actions (on 2025-08-16) provenance

This version was published by a different npm account than previous versions on 2025-08-16. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.3.1

2 findings

HIGH Publisher changed: broooooklyn → GitHub Actions (on 2025-08-04) provenance

This version was published by a different npm account than previous versions on 2025-08-04. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.3.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.