workerd
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Migration from wrangler-publisher to GitHub Actions is a legitimate CI/CD transition, confirmed by SLSA provenance from cloudflare/workerd repo. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): workerd uses date-based versioning and publishes in bursts aligned with Cloudflare release cycles; dormancy gaps are expected and SLSA provenance attestation confirms CI/CD publishing integrity. | ai | |
| install-scripts | install-script:postinstall | AI (install-scripts): workerd uses postinstall to select and install the correct platform-specific prebuilt binary — a documented, standard pattern for this package. | ai | |
| semgrep | semgrep:env-spread | AI (semgrep): Spreading process.env when spawning a child npm process is standard practice; the explicit npm_config_global override is a safety measure, not exfiltration. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): child_process is used to spawn npm as a fallback binary installer — expected and legitimate for a binary distribution package. | ai | |
| bogus-package | bogus-package | AI (bogus-package): workerd is Cloudflare's official runtime; cosmetic README/keyword signals are irrelevant for this well-known infrastructure package. | ai | |
Versions (showing 25 of 25)
| Version | Deps | Published |
|---|---|---|
| 1.20260522.1 | 0 / 0 | |
| 1.20260521.1 | 0 / 0 | |
| 1.20260519.1 | 0 / 0 | |
| 1.20260518.1 | 0 / 0 | |
| 1.20260517.1 | 0 / 0 | |
| 1.20260516.1 | 0 / 0 | |
| 1.20260515.1 | 0 / 0 | |
| 1.20260514.1 | 0 / 0 | |
| 1.20260511.1 | 0 / 0 | |
| 1.20260510.1 | 0 / 0 | |
| 1.20260509.1 | 0 / 0 | |
| 1.20260507.1 | 0 / 0 | |
| 1.20260506.1 | 0 / 0 | |
| 1.20260503.1 | 0 / 0 | |
| 1.20260502.1 | 0 / 0 | |
| 1.20260430.1 | 0 / 0 | |
| 1.20260426.1 | 0 / 0 | |
| 1.20260425.1 | 0 / 0 | |
| 1.20260424.1 | 0 / 0 | |
| 1.20260408.1 | 0 / 0 | |
| 1.20260329.1 | 0 / 0 | |
| 1.20251216.0 | 0 / 0 | |
| 1.20251029.0 | 0 / 0 | |
| 1.20250424.0 | 0 / 0 | |
| 1.20241230.0 | 0 / 0 | |
v1.20260522.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.20260521.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.20260519.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.20260518.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.20260517.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.20260516.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.20260515.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.20260514.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.20260511.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.20260510.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.20260509.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.20260507.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.20260506.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.20260503.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.20260502.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.20260430.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.20260426.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.20260425.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.20260424.1
3 findings
Script: node install.js
Spreading entire process.env into an object — may capture all secrets. Source: https://github.com/cloudflare/workerd/blob/c63bb6eb1bd72ec5b0a9477f91041d279d1d017d/install.js#L148

```
  146 | }
  147 | function installUsingNPM(pkg, subpath, binPath) {
> 148 |   const env = { ...process.env, npm_config_global: void 0 };
  149 |   const libDir = import_path2.default.dirname(require.resolve("workerd"));
  150 |   const installDir = import_path2.default.join(libDir, "npm-install");
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.20260408.1
2 findings
This version was published by a different npm account than previous versions on 2026-04-08. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.20260329.1
2 findings
This version was published by a different npm account than previous versions on 2026-03-29. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.20251216.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.20251029.0
2 findings
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version was published by a different npm account than previous versions on 2025-10-29. This could indicate a legitimate maintainer transition or an account compromise.
v1.20250424.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.20241230.0
3 findings
Script: node install.js
Spreading entire process.env into an object — may capture all secrets. Source: https://github.com/cloudflare/workerd/blob/f37b4c64ddc4b61e6eee541aceea13bd43a05501/install.js#L148

```
  146 | }
  147 | function installUsingNPM(pkg, subpath, binPath) {
> 148 |   const env = { ...process.env, npm_config_global: void 0 };
  149 |   const libDir = import_path2.default.dirname(require.resolve("workerd"));
  150 |   const installDir = import_path2.default.join(libDir, "npm-install");
```
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.