← Home

@100mslive/hms-virtual-background

npm Repository Homepage

[![Lint, Test and Build](https://github.com/100mslive/web-sdks/actions/workflows/lint-test-build.yml/badge.svg)](https://github.com/100mslive/web-sdks/actions/workflows/lint-test-build.yml) [![Bundle Size](https://badgen.net/bundlephobia/minzip/@100mslive

11
Versions
MIT
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

yogeshfromhmsaniketbaniket100mseswar-clynnvishal09vivek9patelravitheja83saptanpmsaikatmitra-100ms

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
maintainer-change maintainer-added AI (maintainer-change): Org migrated to CI/CD publisher (saptanpm); SLSA provenance confirms legitimate automated publishing pipeline. ai
maintainer-change maintainer-removed AI (maintainer-change): Individual maintainers replaced by org CI account; consistent with centralized publishing, not a takeover. ai
dependencies unvetted-dep:effects-sdk AI (dependencies): effects-sdk is a video effects library; expected dependency for a virtual background plugin. ai
dependencies unvetted-dep:wasm-check AI (dependencies): wasm-check is a utility for detecting WASM support; appropriate for this virtual background package. ai
dependencies unvetted-dep:@tensorflow/tfjs-core AI (dependencies): TensorFlow.js core is a well-known ML library; expected for body segmentation in virtual backgrounds. ai
dependencies unvetted-dep:@mediapipe/selfie_segmentation AI (dependencies): MediaPipe selfie segmentation is a well-known Google CV library; expected for virtual background functionality. ai
dependencies unvetted-dep:@tensorflow/tfjs-backend-webgl AI (dependencies): TensorFlow.js WebGL backend; expected companion to tfjs-core for this package. ai
dependencies unvetted-dep:@tensorflow-models/body-segmentation AI (dependencies): Official TensorFlow.js body segmentation model; core to virtual background functionality. ai
phantom-deps phantom-dep:@tensorflow-models/body-segmentation AI (phantom-deps): Body segmentation model dep referenced in config; consistent with virtual background use case. ai
phantom-deps phantom-dep:@tensorflow/tfjs-converter AI (phantom-deps): TF.js converter referenced in config; expected for this ML plugin. ai
phantom-deps phantom-dep:@webassemblyjs/helper-wasm-bytecode AI (phantom-deps): Platform-specific WASM binary dep; expected for virtual background WASM usage. ai
phantom-deps phantom-dep:@webassemblyjs/wasm-gen AI (phantom-deps): WASM gen dep referenced in config; consistent with tflite/WASM usage in this package. ai
phantom-deps phantom-dep:@tensorflow/tfjs-core AI (phantom-deps): TF.js core is a peer/transitive dep referenced in config; expected pattern for this ML package. ai
phantom-deps phantom-dep:wasm-check AI (phantom-deps): wasm-check is a utility dep used in config/build context; stable false positive for this ML plugin package. ai

Versions (showing 11 of 11)

Version Deps Published
1.15.2 10 / 1
1.15.1 10 / 1
1.15.0 10 / 1
1.14.4 10 / 1
1.14.3 10 / 1
1.14.2 10 / 1
1.14.1 10 / 1
1.14.0 10 / 1
1.13.36 10 / 1
1.13.35 10 / 1
1.13.34 10 / 1

v1.15.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.15.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.14.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.14.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.14.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.14.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.14.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.13.36

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.13.35

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.13.34

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.