@rolldown/binding-linux-x64-gnu
Fast JavaScript/TypeScript bundler in Rust with Rollup-compatible API.
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| npm-metadata | bundled-binaries | AI (npm-metadata): This package IS a native binding — the .node file is its sole purpose. SLSA provenance attestation confirms CI/CD build integrity. Stable for all versions of this package. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Signals are false positives: yyx990803 (Evan You) is a highly reputable maintainer; no deps and minimal README are expected for a platform-specific binary binding package. | ai |
Versions (showing 55 of 55)
| Version | Deps | Published |
|---|---|---|
| 1.0.2 | 0 / 0 | |
| 1.0.1 | 0 / 0 | |
| 1.0.0 | 0 / 0 | |
| 0.15.1 | 0 / 0 | |
| 0.15.0 | 0 / 0 | |
| 0.14.0 | 0 / 0 | |
| 0.13.2 | 0 / 0 | |
| 0.13.1 | 0 / 0 | |
| 0.13.0 | 0 / 0 | |
| 0.12.2 | 0 / 0 | |
| 0.12.1 | 0 / 0 | |
| 0.12.0 | 0 / 0 | |
| 0.11.1 | 0 / 0 | |
| 0.11.0 | 0 / 0 | |
| 0.10.5 | 0 / 0 | |
| 0.10.4 | 0 / 0 | |
| 0.10.3 | 0 / 0 | |
| 0.10.2 | 0 / 0 | |
| 0.10.1 | 0 / 0 | |
| 0.10.0 | 0 / 0 | |
| 0.9.2 | 0 / 0 | |
| 0.9.1 | 0 / 0 | |
| 1.0.0-rc.9 | 0 / 0 | |
| 1.0.0-rc.8 | 0 / 0 | |
| 1.0.0-rc.7 | 0 / 0 | |
| 1.0.0-rc.6 | 0 / 0 | |
| 1.0.0-rc.5 | 0 / 0 | |
| 1.0.0-rc.4 | 0 / 0 | |
| 1.0.0-rc.3 | 0 / 0 | |
| 1.0.0-rc.2 | 0 / 0 | |
| 1.0.0-rc.17 | 0 / 0 | |
| 1.0.0-rc.16 | 0 / 0 | |
| 1.0.0-rc.15 | 0 / 0 | |
| 1.0.0-rc.14 | 0 / 0 | |
| 1.0.0-rc.13 | 0 / 0 | |
| 1.0.0-rc.12 | 0 / 0 | |
| 1.0.0-rc.11 | 0 / 0 | |
| 1.0.0-rc.10 | 0 / 0 | |
| 1.0.0-rc.1 | 0 / 0 | |
| 1.0.0-beta.60 | 0 / 0 | |
| 1.0.0-beta.59 | 0 / 0 | |
| 1.0.0-beta.58 | 0 / 0 | |
| 1.0.0-beta.57 | 0 / 0 | |
| 1.0.0-beta.56 | 0 / 0 | |
| 1.0.0-beta.55 | 0 / 0 | |
| 1.0.0-beta.54 | 0 / 0 | |
| 1.0.0-beta.53 | 0 / 0 | |
| 1.0.0-beta.52 | 0 / 0 | |
| 1.0.0-beta.51 | 0 / 0 | |
| 1.0.0-beta.50 | 0 / 0 | |
| 1.0.0-beta.49 | 0 / 0 | |
| 1.0.0-beta.48 | 0 / 0 | |
| 1.0.0-beta.47 | 0 / 0 | |
| 1.0.0-beta.46 | 0 / 0 | |
| 1.0.0-beta.45 | 0 / 0 |
v1.0.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.0.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.0.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.15.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.15.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.14.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.3
2 findingsPackage contains compiled binaries that could be backdoors: • rolldown-binding.linux-x64-gnu.node
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.10.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.