tty-browserify
the tty module from node core for browsers
2
Versions
MIT
License
No
Install Scripts
Missing
Provenance
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
gitHead linked
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
substacktehshrikepkruminsstevemaoemilbayesbpostlethwaitegoto-bus-stopfpereira1hughskmattdeslanandthakkerbretgarannleichtgewichtforbeslindesayyerkopalmaparshapelnounchahdinosaurungoldmanyoshuawuytssethvincentjryansindutnyjprichardsondcousenscwmmabaluptonashaffer88mellowmelonjmmterinjokesthlorenzdominictarrmaxogdenmafintoshzertoshgkatsevfeross
Keywords
ttybrowserbrowserify
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Publisher change from substack to goto-bus-stop reflects the documented 2018 browserify org transition; goto-bus-stop has a strong track record and this is a stable, well-known package. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): Large maintainer list addition reflects the browserify org collective model during the 2018 transition; not indicative of compromise. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): Dormancy followed by publish is explained by the 2018 browserify org handoff from substack; no malicious indicators present. | ai | |
| npm-metadata | suspicious-initial-version | AI (npm-metadata): tty-browserify is a legitimate browserify shim intentionally versioned at 0.0.0 by substack; this is a stable, well-known pattern for browser stub modules. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Tiny payload and minimal README are expected for a browser stub/shim module; this is a legitimate minimal package by a trusted publisher. | ai |