memcpy
Copies data between node Buffers and/or ArrayBuffers up to ~75 times faster than in pure JS.
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | new-deps-added | AI (publish-pattern): nan is the standard Native Abstractions for Node.js library, expected for a node-gyp-based native addon like memcpy. Not a suspicious dependency addition. | ai | |
| install-scripts | install-script:install | AI (install-scripts): memcpy is a native C++ addon; node-gyp configure build is the standard and expected install script for compiling native bindings. | ai | |
| phantom-deps | phantom-dep:nan | AI (phantom-deps): nan is a native addon build dependency referenced in binding.gyp, not JS imports. This is standard for Node.js native addons. | ai | |
| phantom-deps | phantom-dep:node-arraybuffer | AI (phantom-deps): node-arraybuffer is used in native build configuration for this ArrayBuffer-focused package; phantom detection is a false positive for native addon deps. | ai |
v0.6.0
2 findingsScript: node-gyp configure build
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.