node-sass

Package contains compiled binaries that could be backdoors: • precompiled/darwin-x64/binding.node • precompiled/linux-ia32/binding.node • precompiled/linux-x64/binding.node • build/Release/binding.node • build/Release/obj.target/binding/binding.o • build/Release/obj.target/binding/libsass/context.o • build/Release/obj.target/binding/libsass/document.o • build/Release/obj.target/binding/libsass/document_parser.o • build/Release/obj.target/binding/libsass/eval_apply.o • build/Release/obj.target/binding/libsass/functions.o ... and 5 more

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

Package contains compiled binaries that could be backdoors: • precompiled/darwin/binding.node • precompiled/linux/binding.node • build/Release/binding.node • build/Release/obj.target/binding/binding.o • build/Release/obj.target/binding/libsass/context.o • build/Release/obj.target/binding/libsass/document.o • build/Release/obj.target/binding/libsass/document_parser.o • build/Release/obj.target/binding/libsass/eval_apply.o • build/Release/obj.target/binding/libsass/functions.o • build/Release/obj.target/binding/libsass/node.o ... and 4 more

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.