tiny-worker BSD-3-Clause 23 versions

tiny-worker

npm Repository Homepage

Tiny WebWorker for Server

23

Versions

BSD-3-Clause

License

No

Install Scripts

Missing

Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

avoidwork

Keywords

webworkerpswebworker

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
semgrep	semgrep:child-process-import	AI (semgrep): tiny-worker is a Web Worker polyfill that uses child_process.fork as its core mechanism; this is expected and documented behavior for this package.	ai	2026/04/23
semgrep	semgrep:eval-usage	AI (semgrep): eval() is used to deserialize user-supplied function strings across process boundaries — inherent to the Web Worker polyfill design, not a supply-chain risk.	ai	2026/04/23
semgrep	semgrep:dynamic-require	AI (semgrep): require(path.join(__dirname, 'noop.js')) is a static local path join to a known bundled file; not a true dynamic require risk.	ai	2026/04/23

Versions (showing 23 of 23)

Version	Deps	Published
2.3.0	1 / 8	2019-09-20
2.2.0	1 / 8	2019-04-11
2.1.2	0 / 7	2018-03-01
2.1.1	0 / 7	2017-05-04
2.1.0	0 / 7	2017-04-20
2.0.3	0 / 7	2017-03-13
2.0.2	0 / 7	2017-03-05
2.0.1	0 / 7	2017-01-05
2.0.0	0 / 7	2017-01-05
1.1.7	0 / 7	2016-10-03
1.1.6	0 / 7	2016-10-03
1.1.5	0 / 7	2016-08-05
1.1.4	0 / 7	2016-06-15
1.1.3	0 / 7	2016-06-15
1.1.2	0 / 7	2016-06-15
1.1.1	0 / 7	2015-10-14
1.1.0	0 / 7	2015-10-14
1.0.4	0 / 7	2015-09-30
1.0.3	0 / 6	2015-09-30
1.0.2	0 / 6	2015-09-30
1.0.1	0 / 6	2015-09-30
1.0.0	1 / 6	2015-09-30
0.1.0	1 / 6	2015-09-29

v2.3.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.2.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.1.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.1.7

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.1.6

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.1.5

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.1.4

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.1.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.1.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.1.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.1.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.4

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.