@chainsafe/blst
Versions: 1
License: —
Install Scripts: No
Provenance: Verified
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
gitHead linked
Maintainers
sadiq1971, ansermino, gregthegreek, priom, wemeetagain, mpetrunic
Keywords
bls, bls12-381, blst, crypto, ethereum, napi
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| typosquat | typosquat.levenshtein:jest | AI (typosquat): @chainsafe/blst is a scoped BLS12-381 crypto library from ChainSafe; the Levenshtein match to 'jest' is purely coincidental and not a typosquat. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): child_process is used solely to run 'which ldd' for musl libc detection in this NAPI native binding — a standard and benign pattern. | ai | |
| semgrep | semgrep:child-process-execsync | AI (semgrep): execSync('which ldd') detects musl libc for correct prebuilt binary selection; not malicious, standard NAPI addon pattern. | ai | |
Versions (showing 1 of 1)
| Version | Deps | Published |
|---|---|---|
| 2.2.0 | 0 / 21 | |
v2.2.0
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.