dtrace-provider
Native DTrace providers for node.js applications
1
Versions
BSD-2-Clause
License
Yes
Install Scripts
Missing
Provenance
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
gitHead linked
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
chrisadapmelloctjfontaine
Keywords
dtraceusdt
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:nan | AI (phantom-deps): nan is a native addon header-only dependency referenced in binding.gyp/C++ code, not via JS require(). This pattern is expected for all nan-based native addons. | ai | |
| semgrep | semgrep:dynamic-require | AI (semgrep): Dynamic require is used to probe multiple build output paths for the native binding. Path is constructed from a controlled local array, not user input — no arbitrary module loading risk. | ai | |
| install-scripts | install-script:install | AI (install-scripts): node-gyp rebuild is the standard native addon build step; suppress-error.js gracefully handles unsupported platforms. Stable and expected for this package. | ai |
Versions (showing 1 of 1)
| Version | Deps | Published |
|---|---|---|
| 0.8.8 | 1 / 1 |