@clawos-dev/clawd
Standalone clawd daemon — Claude Code (and future Codex) session server over WebSocket
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@lydell/node-pty | AI (dependencies): @lydell/node-pty is a well-known fork maintained by a reputable contributor; appropriate for a terminal daemon package. | ai | |
| phantom-deps | phantom-dep:@lydell/node-pty | AI (phantom-deps): PTY lib referenced in config; expected for session-server package. | ai | |
| publish-pattern | rapid-publish | AI (publish-pattern): 330 versions in 36 days indicates CI-driven automated publishing; rapid cadence is the norm for this package. | ai | |
| phantom-deps | phantom-dep:jszip | AI (phantom-deps): jszip is a well-known library; phantom-dep likely reflects bundled/indirect usage in this daemon package. | ai | |
| phantom-deps | phantom-dep:@xterm/headless | AI (phantom-deps): Terminal daemon package; xterm headless likely instantiated dynamically, not via static import. | ai | |
| phantom-deps | phantom-dep:@xterm/addon-serialize | AI (phantom-deps): xterm addon loaded at runtime via addon API, not static import — stable false positive for this package. | ai |
Versions (showing 51 of 71)
| Version | Deps | Published |
|---|---|---|
| 0.2.128 | 4 / 16 | |
| 0.2.120 | 4 / 16 | |
| 0.2.119 | 4 / 16 | |
| 0.2.109 | 4 / 16 | |
| 0.2.108 | 4 / 16 | |
| 0.2.107 | 4 / 16 | |
| 0.2.105 | 4 / 16 | |
| 0.2.101 | 4 / 16 | |
| 0.2.95 | 3 / 16 | |
| 0.2.83 | 3 / 16 | |
| 0.2.68 | 3 / 16 | |
| 0.2.67 | 3 / 16 | |
| 0.2.61 | 3 / 16 | |
| 0.2.60 | 3 / 16 | |
| 0.2.55 | 3 / 16 | |
| 0.2.54 | 3 / 16 | |
| 0.2.52 | 0 / 16 | |
| 0.2.51 | 0 / 16 | |
| 0.2.50 | 0 / 16 | |
| 0.2.49 | 0 / 16 | |
| 0.2.48 | 0 / 16 | |
| 0.2.47 | 0 / 16 | |
| 0.2.46 | 0 / 16 | |
| 0.2.45 | 0 / 16 | |
| 0.2.44 | 0 / 16 | |
| 0.2.43 | 0 / 16 | |
| 0.2.42 | 0 / 16 | |
| 0.2.41 | 0 / 16 | |
| 0.2.40 | 0 / 16 | |
| 0.2.39 | 0 / 16 | |
| 0.2.38 | 0 / 16 | |
| 0.2.37 | 0 / 16 | |
| 0.2.36 | 0 / 16 | |
| 0.2.35 | 0 / 16 | |
| 0.2.34 | 0 / 16 | |
| 0.2.33 | 0 / 16 | |
| 0.2.32 | 0 / 16 | |
| 0.2.31 | 0 / 16 | |
| 0.2.30 | 0 / 16 | |
| 0.2.29 | 0 / 16 | |
| 0.2.28 | 0 / 16 | |
| 0.2.27 | 0 / 16 | |
| 0.2.26 | 0 / 16 | |
| 0.2.25 | 0 / 16 | |
| 0.2.24 | 0 / 16 | |
| 0.2.23 | 0 / 16 | |
| 0.2.22 | 0 / 16 | |
| 0.2.21 | 0 / 16 | |
| 0.2.20 | 0 / 16 | |
| 0.2.19 | 0 / 16 | |
| 0.2.18 | 0 / 16 |
v0.2.128
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.120
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.119
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.109
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.108
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.107
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.105
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.101
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.95
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.83
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.68
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.67
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.61
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.60
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.55
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.54
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.52
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.51
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.50
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.49
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.48
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.47
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.46
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.45
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.44
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.43
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.42
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.41
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.40
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.39
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.38
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.37
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.36
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.35
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.34
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.33
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.32
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.31
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.30
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.29
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.28
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.27
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.26
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.25
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.24
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.23
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.22
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.21
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.20
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.19
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.18
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.