exposify
browserify transform that exposes globals added via a script tag as modules so they can be required.
13
Versions
—
License
No
Install Scripts
Missing
Provenance
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
gitHead linked
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
bendruckerthlorenz
Keywords
browserifybrowserify-transformtransformexposewindowglobalrequireshim
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Publisher change thlorenz→bendrucker occurred in 2015; bendrucker is an established npm publisher with long history. Repo URL unchanged. Legitimate historical transition. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): bendrucker is an established npm user added as maintainer in 2015. No malicious indicators; consistent with a legitimate handoff. | ai | |
| npm-metadata | url-dep:detective | AI (npm-metadata): URL dep points to the same author's own GitHub fork, pinned to a specific branch. Package is 12+ years old with no abuse history; this is a stable, intentional dependency choice by the maintainer. | ai | |
| provenance | no-provenance | AI (provenance): Package is 4477 days old, predating Sigstore provenance on npm. No provenance is expected and stable for this package. | ai |