@rspack/binding-linux-x64-gnu
Node binding for rspack
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): rspack migrated to GitHub Actions CI/CD publishing with SLSA provenance attestation. Publisher change to 'GitHub Actions' is expected and desirable for this package. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Platform-specific native binding packages are intentionally tiny, dependency-free, and templated in name. These signals are structural false positives for @rspack/binding-* packages. | ai |
Versions (showing 77 of 177)
| Version | Deps | Published |
|---|---|---|
| 0.7.0 | 0 / 0 | |
| 0.6.5 | 0 / 0 | |
| 0.6.4 | 0 / 0 | |
| 0.6.3 | 0 / 0 | |
| 0.6.2 | 0 / 0 | |
| 0.6.1 | 0 / 0 | |
| 0.6.0 | 0 / 0 | |
| 0.5.9 | 0 / 0 | |
| 0.5.8 | 0 / 0 | |
| 0.5.7 | 0 / 0 | |
| 0.5.6 | 0 / 0 | |
| 0.5.5 | 0 / 0 | |
| 0.5.4 | 0 / 0 | |
| 0.5.3 | 0 / 0 | |
| 0.5.2 | 0 / 0 | |
| 0.5.1 | 0 / 0 | |
| 0.5.0 | 0 / 0 | |
| 0.4.5 | 0 / 0 | |
| 0.4.4 | 0 / 0 | |
| 0.4.3 | 0 / 0 | |
| 0.4.2 | 0 / 0 | |
| 0.4.1 | 0 / 0 | |
| 0.4.0 | 0 / 0 | |
| 0.3.14 | 0 / 0 | |
| 0.3.13 | 0 / 0 | |
| 0.3.12 | 0 / 0 | |
| 0.3.11 | 0 / 0 | |
| 0.3.10 | 0 / 0 | |
| 0.3.8 | 0 / 0 | |
| 0.3.7 | 0 / 0 | |
| 0.3.6 | 0 / 0 | |
| 0.3.5 | 0 / 0 | |
| 0.3.4 | 0 / 0 | |
| 0.3.3 | 0 / 0 | |
| 0.3.2 | 0 / 0 | |
| 0.3.1 | 0 / 0 | |
| 0.3.0 | 0 / 0 | |
| 0.2.12 | 0 / 0 | |
| 0.2.11 | 0 / 0 | |
| 0.2.10 | 0 / 0 | |
| 0.2.9 | 0 / 0 | |
| 0.2.8 | 0 / 0 | |
| 0.2.7 | 0 / 0 | |
| 0.2.6 | 0 / 0 | |
| 0.2.5 | 0 / 0 | |
| 0.2.4 | 0 / 0 | |
| 0.2.3 | 0 / 0 | |
| 0.2.2 | 0 / 0 | |
| 0.2.1 | 0 / 0 | |
| 0.2.0 | 0 / 0 | |
| 0.1.12 | 0 / 0 | |
| 0.1.11 | 0 / 0 | |
| 0.1.10 | 0 / 0 | |
| 0.1.9 | 0 / 0 | |
| 0.1.8 | 0 / 0 | |
| 0.1.7 | 0 / 0 | |
| 0.1.6 | 0 / 0 | |
| 0.1.5 | 0 / 0 | |
| 0.1.4 | 0 / 0 | |
| 0.1.3 | 0 / 0 | |
| 0.1.2 | 0 / 0 | |
| 0.1.1 | 0 / 0 | |
| 0.1.0 | 0 / 0 | |
| 0.0.26 | 0 / 0 | |
| 0.0.25 | 0 / 0 | |
| 0.0.24 | 0 / 0 | |
| 0.0.23 | 0 / 0 | |
| 0.0.22 | 0 / 0 | |
| 0.0.21 | 0 / 0 | |
| 0.0.20 | 0 / 0 | |
| 0.0.19 | 0 / 0 | |
| 0.0.18 | 0 / 0 | |
| 0.0.17 | 0 / 0 | |
| 0.0.16 | 0 / 0 | |
| 0.0.15 | 0 / 0 | |
| 0.0.14 | 0 / 0 | |
| 0.0.13 | 0 / 0 |
v0.7.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.6.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.6.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.6.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.23
2 findingsMatched 5 signal(s), weighted score 9: • [S_KNOWN_SPAM_PUBLISHER] Maintainer(s) previously flagged as spam: hardfist, iwanabethatguy. • [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'iwanabethatguy' owns 27 packages, ≥70% share a templated name shape. • [S_NO_KEYWORDS] No keywords declared. • [S_NO_DEPS] No runtime, dev, peer, or optional dependencies declared. • [S_TINY_PAYLOAD] Tiny payload: 0 code file(s), 2747 bytes total.
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.