← Home

@achingbrain/nat-port-mapper

npm Repository Homepage
3
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

achingbrain

Keywords

apiforwardingholepunchmapmappingnatnat-pmppmpportupnp

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
semgrep semgrep:shady-links-raw-ip AI (semgrep): The raw IP appears in a JSDoc comment as a documentation example. UPnP/NAT-PMP libraries inherently communicate with gateway devices via raw IP addresses — this is expected behavior, not a security concern. ai

Versions (showing 3 of 3)

Version Deps Published
4.0.5 9 / 5
4.0.4 9 / 5
4.0.3 9 / 5

v4.0.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v4.0.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.