csv
A mature CSV toolset with simple api, full of options and tested against large datasets.
4
Versions
MIT
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
gitHead linked
Maintainers
david
Keywords
nodecsvtsvparserparsestringifierstringifytransformstreamgenerategenerationbackendfrontend
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| typosquat | typosquat.levenshtein:qs | AI (typosquat): 'csv' is a legitimate, well-established CSV parsing package with 1.9M weekly downloads — not a typosquat of 'qs'. Edit-distance match is coincidental. | ai | |
| typosquat | typosquat.levenshtein:ajv | AI (typosquat): 'csv' is a legitimate, well-established CSV parsing package with 1.9M weekly downloads — not a typosquat of 'ajv'. Edit-distance match is coincidental. | ai | |
| source-diff | net-exec-file:lib/browser/index.js | AI (source-diff): Browserify bundle output; UMD wrapper triggers net+exec heuristic. Standard build artifact for this package's browser support. | ai | |
| source-diff | net-exec-file:lib/browser/sync.js | AI (source-diff): Browserify bundle output; UMD wrapper triggers net+exec heuristic. Standard build artifact for this package's browser support. | ai | |
| source-diff | source-size-tripled | AI (source-diff): Size increase is from adding browserify browser bundles (~340KB each), as shown in the build script. | ai | |
| provenance | publisher-changed | AI (provenance): Publisher changed from david to GitHub Actions with SLSA provenance attestation — legitimate transition to CI/CD publishing for this established package. | ai |