@napi-rs/snappy-win32-ia32-msvc

Fastest Snappy compression library in Node.js

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

broooooklynforehalo

Keywords

snappysnapcompressioncompressnapi-rsNAPIN-APIRustNode-APInode-addonnode-addon-api

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): napi-rs/snappy uses GitHub Actions for automated releases; publisher transition from broooooklyn to GitHub Actions is the documented CI/CD release pattern for this project, backed by SLSA attestation.	ai	2026/04/24
publish-pattern	dormant-publish	AI (publish-pattern): Platform-specific binary sub-packages in napi-rs ecosystem are published on-demand; dormancy is expected. SLSA attestation confirms legitimate CI/CD origin.	ai	2026/04/24
provenance	slsa-provenance	AI (provenance): napi-rs/snappy consistently publishes via GitHub Actions with SLSA attestation; this is the expected and documented release flow for this package family.	ai	2026/04/24
npm-metadata	bundled-binaries	AI (npm-metadata): This package's sole purpose is to ship a precompiled napi-rs .node binary for Windows ia32. Bundled binary is expected and covered by SLSA provenance attestation.	ai	2026/04/24
bogus-package	bogus-package	AI (bogus-package): Platform-specific napi-rs sub-packages intentionally have no deps and minimal READMEs; these are not spam indicators for this package type.	ai	2026/04/24

Versions (showing 16 of 16)

Version	Deps	Published
7.3.3	0 / 0	2025-09-11
7.3.2	0 / 0	2025-08-16
7.3.1	0 / 0	2025-08-04
7.3.0	0 / 0	2025-07-15
7.2.2	0 / 0	2022-11-13
7.2.1	0 / 0	2022-10-23
7.2.0	0 / 0	2022-10-05
7.1.2	0 / 0	2022-08-09
7.1.1	0 / 0	2021-12-22
7.1.0	0 / 0	2021-12-22
7.0.5	0 / 0	2021-11-06
7.0.4	0 / 0	2021-10-28
7.0.3	0 / 0	2021-08-27
7.0.2	0 / 0	2021-08-11
7.0.1	0 / 0	2021-08-04
7.0.0	0 / 0	2021-08-04

v7.3.3

2 findings

HIGH Bundled binary files (1) npm-metadata

Package contains compiled binaries that could be backdoors: • snappy.win32-ia32-msvc.node

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.3.2

2 findings

HIGH Publisher changed: broooooklyn → GitHub Actions (on 2025-08-16) provenance

This version was published by a different npm account than previous versions on 2025-08-16. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.3.1

2 findings

HIGH Publisher changed: broooooklyn → GitHub Actions (on 2025-08-04) provenance

This version was published by a different npm account than previous versions on 2025-08-04. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.3.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.