@cipherstash/protect-ffi-linux-x64-gnu ISC 6 versions

@cipherstash/protect-ffi-linux-x64-gnu

npm Repository Homepage

Prebuilt binary package for `@cipherstash/protect-ffi` on `linux-x64-gnu`.

Versions

ISC

License

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

cs_lindsaydrew_cipherstashjames-sadlerdan-drapercs-zcjbrewer

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
npm-metadata	bundled-binaries	AI (npm-metadata): Prebuilt Neon/Rust native binding; index.node is the sole deliverable by design.	ai	2026/05/06
bogus-package	bogus-package	AI (bogus-package): Auto-generated platform-specific binary split package; sparse metadata is expected for this pattern.	ai	2026/05/06

Versions (showing 6 of 6)

Version	Deps	Published
0.25.0	0 / 0	2026-05-29
0.24.0	0 / 0	2026-05-26
0.22.0	0 / 0	2026-05-20
0.21.4	0 / 0	2026-05-01
0.21.2	0 / 0	2026-04-09
0.21.1	0 / 0	2026-04-08

v0.25.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.24.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.22.0

2 findings

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: cs_lindsay → cs-zcjbrewer (on 2026-05-20, known maintainer) provenance

This version was published by a different npm account (cs-zcjbrewer) than the most recent previously approved version (cs_lindsay) on 2026-05-20, but cs-zcjbrewer is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.

v0.21.4

2 findings

HIGH Bundled binary files (1) npm-metadata

Package contains compiled binaries that could be backdoors: • index.node

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.21.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.21.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.