@bifrost-proxy/bifrost MIT 12 versions

@bifrost-proxy/bifrost

npm Repository Homepage

High-performance HTTP/HTTPS/SOCKS5 proxy server written in Rust

12

Versions

MIT

License

Yes

Install Scripts

Missing

Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

hxfdarling

Keywords

proxybifrostwhistlecharlesfiddlermitmproxypostmanhttpsocks5websocketmitmcapturemocknetworkdevtools

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
install-scripts	install-script:postinstall	AI (install-scripts): Postinstall selects and installs platform-specific prebuilt Rust binaries; standard pattern for native binary npm wrappers.	ai	2026/04/29
semgrep	semgrep:env-spread	AI (semgrep): Spreads process.env only to strip npm_config_global before a subprocess call; not exfiltrating secrets.	ai	2026/04/29
semgrep	semgrep:dynamic-require	AI (semgrep): Loads own package.json via path.join(__dirname, 'package.json'); not loading arbitrary user-controlled modules.	ai	2026/04/29
semgrep	semgrep:child-process-import	AI (semgrep): child_process used in install.js to run npm install for platform binary; expected for native binary distribution.	ai	2026/04/29

Versions (showing 12 of 12)

Version	Deps	Published
0.0.80	0 / 0	2026-05-21
0.0.78	0 / 0	2026-05-13
0.0.77	0 / 0	2026-05-11
0.0.76	0 / 0	2026-05-11
0.0.74	0 / 0	2026-05-09
0.0.73	0 / 0	2026-05-09
0.0.72	0 / 0	2026-05-08
0.0.70	0 / 0	2026-05-07
0.0.68	0 / 0	2026-05-06
0.0.67	0 / 0	2026-04-30
0.0.66	0 / 0	2026-04-29
0.0.61	0 / 0	2026-04-24

v0.0.80

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.78

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.77

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.76

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.74

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.73

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.72

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.70

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.68

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.61

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.