← Home

bcrypt-ts

npm Repository Homepage
2
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

mister-hope

Keywords

bcryptbcryptjs

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
typosquat typosquat.pattern:bcrypt AI (typosquat): bcrypt-ts is a legitimate TypeScript reimplementation of bcrypt, not a typosquat. The -ts suffix is a standard convention for TypeScript ports. Package is 4+ years old with 21 versions and SLSA provenance. ai
typosquat typosquat.levenshtein:bcryptjs AI (typosquat): Name similarity to bcryptjs is intentional — bcrypt-ts is a TypeScript alternative. Both bcrypt and bcryptjs are listed as keywords. No deceptive intent; package has 4+ years of history. ai

Versions (showing 2 of 2)

Version Deps Published
8.0.1 0 / 14
8.0.0 0 / 18

v8.0.1

2 findings
HIGH typosquat.pattern: Suspicious name similarity to 'bcrypt' typosquat

Package name 'bcrypt-ts' matches a known typosquatting pattern (hyphen swap, prefix/suffix) of 'bcrypt'.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v8.0.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.