@builderbot/provider-baileys

Now I'm the model of a modern major general / The venerated Virginian veteran whose men are all / Lining up, to put me up on a pedestal / Writin' letters to relatives / Embellishin' my elegance and eloquence / But the elephant is in the room / The truth i

Versions: 5
License: ISC
Install Scripts: No
Provenance: Missing

Supply chain provenance

Status for the latest visible version.

No SLSA provenance | npm registry signatures | gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

leifermendez

Accepted risks

Findings the reviewer chose to accept rather than block on.

| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:baileys | AI (dependencies): baileys is the core WhatsApp library this provider is built on; expected dependency across all versions. | ai | |
| dependencies | unvetted-dep:@types/polka | AI (dependencies): Type definitions package used by the HTTP server layer; stable false positive for this package. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Monorepo package with minimal standalone README; not a spam/phishing package. | ai | |
| phantom-deps | phantom-dep:jimp | AI (phantom-deps): Optional image processing dep; may be loaded conditionally or via config. | ai | |
| phantom-deps | phantom-dep:cheerio | AI (phantom-deps): Optional HTML parsing dep; conditionally used in provider features. | ai | |
| phantom-deps | phantom-dep:fs-extra | AI (phantom-deps): File utility dep; likely used indirectly or conditionally in provider. | ai | |
| phantom-deps | phantom-dep:@adiwajshing/keyed-db | AI (phantom-deps): Baileys peer dependency; referenced in config but loaded by baileys internally. | ai | |
| phantom-deps | phantom-dep:@ffmpeg-installer/ffmpeg | AI (phantom-deps): ffmpeg binary installer; used by fluent-ffmpeg at runtime, not directly imported. | ai | |
| phantom-deps | phantom-dep:@types/polka | AI (phantom-deps): Type definitions; not imported at runtime by design. | ai | |

Versions (showing 5 of 5)

Version Deps Published
1.4.1 10 / 26
1.2.9 7 / 26
1.2.8 7 / 26
1.2.7 6 / 26
1.2.6 6 / 26

v1.4.1

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.2.9

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.2.8

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.2.7

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.2.6

1 finding
LOW | No provenance attestation | provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.