nodejieba MIT 51 versions

nodejieba

npm Repository Homepage

chinese word segmentation for node

51

Versions

MIT

License

Yes

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

yanyiwuluckykaiyi

Keywords

chinesesegmentcppjiebajieba中文分词结巴分词

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:nan	AI (phantom-deps): nan is a native addon C++ helper used at build time via node-gyp; it is not imported in JS but is a legitimate build dependency for this native addon package.	ai	2026/04/24
publish-pattern	new-deps-added	AI (publish-pattern): @mapbox/node-pre-gyp is the official maintained successor to node-pre-gyp; this swap is a routine, expected migration for native addon packages.	ai	2026/04/23
install-scripts	install-script:install	AI (install-scripts): nodejieba is a native C++ addon; node-pre-gyp install --fallback-to-build is the standard documented install pattern for fetching prebuilt binaries.	ai	2026/04/23
phantom-deps	phantom-dep:node-addon-api	AI (phantom-deps): node-addon-api is used in the native build system (binding.gyp), not imported in JS. Standard for native addon packages.	ai	2026/04/23
semgrep	semgrep:dynamic-require	AI (semgrep): Dynamic require loads the compiled native .node binary via node-pre-gyp's binary.find(); standard pattern for native addons, not arbitrary code loading.	ai	2026/04/23
phantom-deps	phantom-dep:@mapbox/node-pre-gyp	AI (phantom-deps): @mapbox/node-pre-gyp is referenced in the install script and binary config; its use is legitimate and expected for this native addon.	ai	2026/04/23

Versions (showing 51 of 52)

View all versions

Version	Deps	Published
3.5.2	2 / 3	2025-08-02
2.5.1	2 / 6	2020-11-22
2.4.2	2 / 6	2020-11-13
2.4.1	2 / 6	2020-03-11
2.4.0	2 / 6	2020-01-14
2.3.3	1 / 5	2019-10-29
2.3.1	1 / 5	2019-06-07
2.3.0	1 / 5	2018-10-16
2.2.7	1 / 5	2018-10-16
2.2.6	1 / 4	2018-05-03
2.2.4	1 / 4	2016-11-13
2.2.3	1 / 4	2016-08-10
2.2.0	1 / 4	2016-06-13
2.0.0	1 / 4	2016-05-11
1.4.11	1 / 4	2016-04-30
1.4.10	1 / 4	2016-03-19
1.4.9	1 / 4	2016-02-18
1.4.8	1 / 4	2016-01-30
1.4.7	1 / 4	2016-01-20
1.4.6	1 / 4	2016-01-16
1.4.5	1 / 4	2015-12-13
1.4.4	1 / 4	2015-12-12
1.4.3	1 / 2	2015-12-04
1.4.2	1 / 2	2015-12-03
1.4.1	1 / 2	2015-09-11
1.4.0	1 / 2	2015-08-31
1.3.0	1 / 2	2015-08-14
1.2.2	1 / 2	2015-07-31
1.2.1	1 / 2	2015-07-09
1.2.0	1 / 2	2015-06-28
1.1.0	1 / 2	2015-06-27
1.0.3	1 / 0	2015-06-13
1.0.2	1 / 0	2015-06-09
1.0.1	1 / 0	2015-06-08
1.0.0	1 / 0	2015-06-06
0.2.13	1 / 0	2015-05-18
0.2.12	1 / 0	2015-05-17
0.2.11	1 / 0	2015-05-07
0.2.10	1 / 0	2015-04-11
0.2.9	1 / 0	2015-03-13
0.2.7	1 / 0	2015-01-24
0.2.5	1 / 0	2014-12-16
0.2.4	1 / 0	2014-08-14
0.2.3	1 / 0	2014-08-11
0.2.2	1 / 0	2014-07-27
0.2.1	1 / 0	2014-07-26
0.2.0	1 / 0	2014-07-21
0.1.4	0 / 0	2014-04-04
0.1.3	0 / 0	2014-04-03
0.1.2	0 / 0	2014-03-20
0.1.1	0 / 0	2014-02-08

v3.5.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.5.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.4.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.4.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.4.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.3.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.3.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.3.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.2.7

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.2.6

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.2.4

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.2.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.2.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.