@rspack/core No license 80 versions

@rspack/core

npm Repository Homepage

Versions

—

License

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

hardfistchenjiahan

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
semgrep	semgrep:dynamic-require	AI (semgrep): Dynamic require in vendored browserslist loads caniuse-lite region data by validated region code — standard browserslist behavior, not arbitrary module loading.	ai	2026/04/24
semgrep	semgrep:eval-usage	AI (semgrep): eval("require") in vendored browserslist is a standard bundler idiom to prevent static require analysis, not an attack vector. Stable false positive for this package.	ai	2026/04/24
source-diff	encoded-string-file:dist/worker.js	AI (source-diff): Same WASM xxhash64 module embedded in worker bundle — identical legitimate pattern as in dist/index.js, stable across rspack versions.	ai	2026/04/24
source-diff	encoded-string-file:dist/index.js	AI (source-diff): Encoded strings are base64-encoded WebAssembly modules for xxhash64 hashing — a legitimate, documented pattern for rspack's bundled WASM hash implementation.	ai	2026/04/24
phantom-deps	phantom-dep:@tmp-sass-embedded/darwin-x64	AI (phantom-deps): Platform-specific optional binary for sass-embedded; declared in optionalDependencies and loaded conditionally. Legitimate pattern.	ai	2026/04/24
phantom-deps	phantom-dep:@tmp-sass-embedded/win32-ia32	AI (phantom-deps): Platform-specific optional binary for sass-embedded; declared in optionalDependencies and loaded conditionally. Legitimate pattern.	ai	2026/04/24
phantom-deps	phantom-dep:@tmp-sass-embedded/linux-arm64	AI (phantom-deps): Platform-specific optional binary for sass-embedded; declared in optionalDependencies and loaded conditionally. Legitimate pattern.	ai	2026/04/24
phantom-deps	phantom-dep:@tmp-sass-embedded/darwin-arm64	AI (phantom-deps): Platform-specific optional binary for sass-embedded; declared in optionalDependencies and loaded conditionally. Legitimate pattern.	ai	2026/04/24
phantom-deps	phantom-dep:@rspack/dev-client	AI (phantom-deps): Same-org dependency declared in runtime deps; conditionally loaded. Not a phantom dep in the malicious sense.	ai	2026/04/24
phantom-deps	phantom-dep:@tmp-sass-embedded/linux-ia32	AI (phantom-deps): Platform-specific optional binary for sass-embedded; declared in optionalDependencies and loaded conditionally. Legitimate pattern.	ai	2026/04/24
typosquat	typosquat.levenshtein:cors	AI (typosquat): @rspack/core is a well-known Rust-based bundler under the @rspack scope; no impersonation of 'cors'. This is a stable false positive for this package.	ai	2026/04/24
phantom-deps	phantom-dep:@tmp-sass-embedded/linux-x64	AI (phantom-deps): Platform-specific optional binary for sass-embedded; declared in optionalDependencies and loaded conditionally. Legitimate pattern.	ai	2026/04/24
phantom-deps	phantom-dep:@tmp-sass-embedded/win32-x64	AI (phantom-deps): Platform-specific optional binary for sass-embedded; declared in optionalDependencies and loaded conditionally. Legitimate pattern.	ai	2026/04/24
bogus-package	bogus-package	AI (bogus-package): hardfist (Boshen Chen) is the well-known creator of Rspack/Oxc; spam flag is a false positive. No-keywords signal is irrelevant for a major bundler package.	ai	2026/04/23

Versions (showing 80 of 180)

Show 20 prereleases

Version	Deps	Published
0.5.8	13 / 29	2024-03-19
0.5.7	13 / 29	2024-03-12
0.5.6	13 / 28	2024-03-05
0.5.5	14 / 29	2024-02-27
0.5.4	14 / 30	2024-02-06
0.5.3	14 / 30	2024-01-29
0.5.2	14 / 30	2024-01-23
0.5.1	13 / 31	2024-01-16
0.5.0	13 / 33	2024-01-09
0.4.5	16 / 33	2023-12-26
0.4.4	15 / 33	2023-12-20
0.4.3	16 / 32	2023-12-12
0.4.2	16 / 32	2023-12-05
0.4.1	16 / 32	2023-11-28
0.4.0	16 / 34	2023-11-22
0.3.14	16 / 34	2023-11-17
0.3.13	16 / 32	2023-11-15
0.3.12	16 / 31	2023-11-14
0.3.11	17 / 31	2023-11-07
0.3.10	18 / 31	2023-11-02
0.3.9	18 / 31	2023-11-02
0.3.8	16 / 27	2023-10-24
0.3.7	16 / 27	2023-10-17
0.3.6	16 / 26	2023-10-02
0.3.5	16 / 26	2023-09-26
0.3.4	16 / 26	2023-09-13
0.3.3	16 / 26	2023-09-13
0.3.2	17 / 23	2023-09-06
0.3.1	16 / 23	2023-08-29
0.3.0	16 / 23	2023-08-24
0.2.12	16 / 24	2023-08-15
0.2.11	16 / 25	2023-08-08
0.2.10	16 / 25	2023-08-01
0.2.9	16 / 25	2023-07-25
0.2.8	16 / 25	2023-07-18
0.2.7	16 / 25	2023-07-13
0.2.6	16 / 25	2023-07-11
0.2.5	16 / 25	2023-07-04
0.2.4	16 / 25	2023-06-27
0.2.3	14 / 31	2023-06-20
0.2.2	15 / 30	2023-06-13
0.2.1	15 / 30	2023-06-07
0.2.0	13 / 30	2023-06-02
0.1.12	13 / 33	2023-05-23
0.1.11	13 / 34	2023-05-16
0.1.10	13 / 34	2023-05-09
0.1.9	13 / 35	2023-04-25
0.1.8	13 / 35	2023-04-18
0.1.7	12 / 35	2023-04-11
0.1.6	12 / 36	2023-04-04
0.1.5	12 / 36	2023-04-03
0.1.4	12 / 35	2023-03-29
0.1.3	12 / 35	2023-03-28
0.1.2	12 / 35	2023-03-22
0.1.1	12 / 35	2023-03-16
0.1.0	12 / 35	2023-03-09
0.0.26	12 / 35	2023-03-07
0.0.25	12 / 33	2023-03-07
0.0.24	12 / 33	2023-03-03
0.0.23	19 / 32	2023-02-23
0.0.22	19 / 34	2023-02-07
0.0.21	19 / 30	2022-12-27
0.0.20	19 / 30	2022-12-26
0.0.19	19 / 30	2022-12-23
0.0.18	19 / 30	2022-12-20
0.0.17	19 / 30	2022-12-18
0.0.16	19 / 30	2022-12-18
0.0.15	17 / 20	2022-12-16
0.0.14	17 / 20	2022-12-15
0.0.13	17 / 20	2022-12-15
0.0.11	17 / 20	2022-12-05
0.0.10	17 / 20	2022-11-18
0.0.9	18 / 15	2022-11-10
0.0.8	18 / 15	2022-11-10
0.0.7	19 / 9	2022-09-08
0.0.6	19 / 9	2022-09-08
0.0.4	19 / 9	2022-09-08
0.0.3	11 / 3	2022-08-31
0.0.2	11 / 3	2022-08-31
0.0.1	1 / 0	2022-04-06