readdirp
Recursive version of fs.readdir with small RAM & CPU footprint
47
Versions
MIT
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
gitHead linked
Maintainers
paulmillrthlorenz
Keywords
recursivefsstreamstreamsreaddirfilesystemfindfilter
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Package legitimately transferred to paulmillr (Paul Miller), a well-known OSS developer. SLSA provenance attestation confirms CI/CD publish integrity. Repository URL updated to paulmillr/readdirp consistently. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): paulmillr is a reputable, well-known OSS developer. This is a documented legitimate transfer of the readdirp package. | ai | |
| source-diff | source-size-dropped | AI (source-diff): Size drop from 131KB to 13KB reflects a TypeScript ESM rewrite with no runtime deps — a legitimate simplification, not a stub/redirect. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): Dormancy followed by a major version rewrite is consistent with a maintainer transition, not account takeover. SLSA provenance further confirms legitimacy. | ai | |
| provenance | no-provenance | AI (provenance): Package is over 5000 days old; lack of Sigstore provenance is expected for packages predating that infrastructure. | ai | |
| dependencies | unvetted-dep:minimatch | AI (dependencies): minimatch is a well-known, widely-used glob library; its use as a dependency in a directory-reading utility is entirely expected and benign. | ai | |
| dependencies | unvetted-dep:set-immediate-shim | AI (dependencies): set-immediate-shim is a tiny, stable setImmediate polyfill with no security concerns; safe for this package across versions. | ai |
Versions (showing 47 of 47)
| Version | Deps | Published |
|---|---|---|
| 5.0.0 | 0 / 7 | |
| 4.1.2 | 0 / 8 | |
| 4.1.1 | 0 / 8 | |
| 4.1.0 | 0 / 8 | |
| 4.0.2 | 0 / 9 | |
| 4.0.1 | 0 / 9 | |
| 4.0.0 | 0 / 9 | |
| 3.6.0 | 1 / 9 | |
| 3.5.0 | 1 / 9 | |
| 3.4.0 | 1 / 8 | |
| 3.3.0 | 1 / 8 | |
| 3.2.0 | 1 / 9 | |
| 3.1.3 | 1 / 9 | |
| 3.1.2 | 1 / 8 | |
| 3.1.1 | 1 / 8 | |
| 3.1.0 | 1 / 8 | |
| 3.0.3 | 1 / 8 | |
| 3.0.2 | 1 / 8 | |
| 3.0.1 | 1 / 8 | |
| 3.0.0 | 1 / 7 | |
| 2.2.1 | 3 / 4 | |
| 2.2.0 | 4 / 4 | |
| 2.1.0 | 4 / 4 | |
| 2.0.1 | 3 / 3 | |
| 2.0.0 | 3 / 3 | |
| 1.4.0 | 3 / 3 | |
| 1.3.0 | 3 / 2 | |
| 1.2.0 | 3 / 2 | |
| 1.1.0 | 3 / 2 | |
| 1.0.1 | 3 / 2 | |
| 1.0.0 | 3 / 2 | |
| 0.4.0 | 2 / 2 | |
| 0.3.3 | 2 / 2 | |
| 0.3.2 | 2 / 2 | |
| 0.3.1 | 2 / 2 | |
| 0.3.0 | 2 / 3 | |
| 0.2.5 | 1 / 3 | |
| 0.2.4 | 1 / 3 | |
| 0.2.3 | 1 / 3 | |
| 0.2.2 | 1 / 3 | |
| 0.2.1 | 1 / 3 | |
| 0.2.0 | 1 / 3 | |
| 0.1.4 | 1 / 2 | |
| 0.1.3 | 1 / 2 | |
| 0.1.2 | 1 / 2 | |
| 0.1.1 | 1 / 2 | |
| 0.1.0 | 1 / 2 |