← Home

microtime

npm Repository Homepage

Get the current time in microseconds

29
Versions
MIT
License
Yes
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

wadey

Keywords

microtimemicrosecondsgettimeofday

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
phantom-deps phantom-dep:prebuild-install AI (phantom-deps): prebuild-install is used at install time by the install script, not directly imported in JS — expected for native addon packages. ai
phantom-deps phantom-dep:nan AI (phantom-deps): nan is a legitimate C++ native addon dependency used at the native layer, not imported in JS. This is expected for node-gyp-based packages and generalizes across all versions. ai
phantom-deps phantom-dep:node-addon-api AI (phantom-deps): node-addon-api must be in runtime dependencies (not devDependencies) so its C++ headers are available during native compilation on end-user machines — standard pattern. ai
install-scripts install-script:install AI (install-scripts): node-gyp-build is the standard install script for native addons shipping prebuilts via prebuildify; stable and expected for this package. ai
npm-metadata bundled-binaries AI (npm-metadata): Prebuilt .node binaries are the expected output of prebuildify for this native addon; consistent with the package's documented build workflow across all versions. ai

Versions (showing 29 of 29)

Version Deps Published
3.0.0 2 / 6
2.1.9 3 / 4
2.1.8 3 / 4
2.1.3 2 / 2
2.1.2 2 / 2
2.0.0 2 / 0
1.5.0 2 / 0
1.4.2 2 / 0
1.4.1 2 / 0
1.4.0 2 / 0
1.3.0 2 / 0
1.2.0 2 / 0
1.1.1 2 / 0
1.1.0 2 / 0
1.0.1 2 / 0
1.0.0 2 / 0
0.6.0 2 / 0
0.5.1 2 / 0
0.5.0 2 / 0
0.4.0 1 / 0
0.3.3 1 / 0
0.3.2 1 / 0
0.3.1 1 / 0
0.3.0 1 / 0
0.2.0 0 / 0
0.1.3 0 / 0
0.1.2 0 / 0
0.1.1 0 / 0
0.1.0 0 / 0

v3.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.9

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.8

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.