cpu-features
A simple binding to Google's cpu_features library for obtaining information about installed CPU(s)
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| install-scripts | install-script:install | AI (install-scripts): node-gyp rebuild is the standard install step for this native C++ binding to Google's cpu_features library; stable and expected for this package. | ai | |
| phantom-deps | phantom-dep:nan | AI (phantom-deps): nan is used as a native addon C++ helper (referenced in binding.gyp/C++ headers), not via require(); this is the correct usage pattern for nan-based native addons. | ai |
v0.0.10
2 findingsScript: node buildcheck.js > buildcheck.gypi && node-gyp rebuild
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.2
2 findingsScript: node-gyp rebuild
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.