term-img
Display images in terminals using the iTerm inline image protocol
1
Versions
MIT
License
No
Install Scripts
Missing
Provenance
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
gitHead linked
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
sindresorhus
Keywords
termimageitermiterm2terminalshellconsolecommand-lineimgpicpicturephotoappversionansiescapegifgifsjpgjpeg
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:ansi-escapes | AI (dependencies): ansi-escapes is a well-known sindresorhus package; its use here for terminal escape sequences is expected and appropriate for this package's purpose. | ai | |
| dependencies | unvetted-dep:iterm2-version | AI (dependencies): iterm2-version is a sindresorhus package used to detect iTerm2 version; directly relevant to term-img's iTerm2 inline image protocol functionality. | ai | |
| provenance | no-provenance | AI (provenance): sindresorhus packages historically do not use Sigstore provenance; absence is consistent with the publisher's track record and not a security concern. | ai |
Versions (showing 1 of 1)
| Version | Deps | Published |
|---|---|---|
| 7.1.0 | 2 / 4 |
v7.1.0
1 finding
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.