flow-bin
Binary wrapper for Flow - A static type checker for JavaScript
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| npm-metadata | bundled-binaries | AI (npm-metadata): flow-bin's purpose is to ship prebuilt Flow binaries for linux64/osx/win64; bundled binaries are expected and include SHASUM256 verification. | ai | |
| install-scripts | install-script:postinstall | AI (install-scripts): flow-bin is a binary wrapper; postinstall downloads prebuilt Flow binaries. Standard pattern for *-bin packages, stable across versions. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): flow-bin is a binary wrapper whose entire purpose is to spawn the Flow executable via child_process.spawn. This pattern is stable and expected across all versions of this package. | ai |
Versions (showing 51 of 386)
| Version | Deps | Published |
|---|---|---|
| 0.278.0 | 0 / 0 | |
| 0.277.1 | 0 / 0 | |
| 0.276.0 | 0 / 0 | |
| 0.275.0 | 0 / 0 | |
| 0.274.2 | 0 / 0 | |
| 0.274.1 | 0 / 0 | |
| 0.274.0 | 0 / 0 | |
| 0.273.1 | 0 / 0 | |
| 0.272.2 | 0 / 0 | |
| 0.272.1 | 0 / 0 | |
| 0.272.0 | 0 / 0 | |
| 0.271.0 | 0 / 0 | |
| 0.270.0 | 0 / 0 | |
| 0.269.1 | 0 / 0 | |
| 0.268.0 | 0 / 0 | |
| 0.267.0 | 0 / 0 | |
| 0.266.1 | 0 / 0 | |
| 0.266.0 | 0 / 0 | |
| 0.265.3 | 0 / 0 | |
| 0.265.2 | 0 / 0 | |
| 0.265.1 | 0 / 0 | |
| 0.265.0 | 0 / 0 | |
| 0.264.0 | 0 / 0 | |
| 0.263.0 | 0 / 0 | |
| 0.262.0 | 0 / 0 | |
| 0.261.2 | 0 / 0 | |
| 0.261.1 | 0 / 0 | |
| 0.261.0 | 0 / 0 | |
| 0.260.0 | 0 / 0 | |
| 0.259.1 | 0 / 0 | |
| 0.259.0 | 0 / 0 | |
| 0.258.1 | 0 / 0 | |
| 0.258.0 | 0 / 0 | |
| 0.257.1 | 0 / 0 | |
| 0.257.0 | 0 / 0 | |
| 0.256.0 | 0 / 0 | |
| 0.255.0 | 0 / 0 | |
| 0.254.2 | 0 / 0 | |
| 0.254.1 | 0 / 0 | |
| 0.254.0 | 0 / 0 | |
| 0.253.0 | 0 / 0 | |
| 0.252.0 | 0 / 0 | |
| 0.251.1 | 0 / 0 | |
| 0.251.0 | 0 / 0 | |
| 0.250.0 | 0 / 0 | |
| 0.249.0 | 0 / 0 | |
| 0.248.1 | 0 / 0 | |
| 0.248.0 | 0 / 0 | |
| 0.247.1 | 0 / 0 | |
| 0.247.0 | 0 / 0 | |
| 0.246.0 | 0 / 0 |
v0.278.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.277.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.276.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.275.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.274.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.274.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.274.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.273.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.272.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.272.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.272.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.271.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.270.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.269.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.268.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.267.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.266.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.266.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.265.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.265.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.265.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.265.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.264.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.263.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.262.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.261.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.261.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.261.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.260.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.259.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.259.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.258.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.258.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.257.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.257.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.256.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.255.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.254.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.254.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.254.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.253.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.252.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.251.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.251.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.250.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.249.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.248.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.248.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.247.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.247.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.246.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.