@fallow-cli/fallow-node
Native Node.js bindings for fallow dead-code, duplication, and health analyses.
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Transition to GitHub Actions CI publishing with SLSA attestation; legitimate automation, not a compromise. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): Used only for musl detection via ldd --version; standard napi-rs binding pattern. | ai | |
| semgrep | semgrep:child-process-execsync | AI (semgrep): execSync('ldd --version') is the canonical musl detection approach in napi-rs loaders. | ai | |
| semgrep | semgrep:dynamic-require | AI (semgrep): NAPI_RS_NATIVE_LIBRARY_PATH override is standard napi-rs escape hatch for custom binary paths. | ai |
Versions (showing 51 of 51)
| Version | Deps | Published |
|---|---|---|
| 2.88.3 | 0 / 1 | |
| 2.88.2 | 0 / 1 | |
| 2.88.1 | 0 / 1 | |
| 2.88.0 | 0 / 1 | |
| 2.87.0 | 0 / 1 | |
| 2.86.0 | 0 / 1 | |
| 2.85.0 | 0 / 1 | |
| 2.84.0 | 0 / 1 | |
| 2.83.0 | 0 / 1 | |
| 2.82.0 | 0 / 1 | |
| 2.81.0 | 0 / 1 | |
| 2.80.0 | 0 / 1 | |
| 2.79.0 | 0 / 1 | |
| 2.78.1 | 0 / 1 | |
| 2.78.0 | 0 / 1 | |
| 2.77.0 | 0 / 1 | |
| 2.73.0 | 0 / 1 | |
| 2.70.0 | 0 / 1 | |
| 2.69.0 | 0 / 1 | |
| 2.68.0 | 0 / 1 | |
| 2.67.0 | 0 / 1 | |
| 2.66.2 | 0 / 1 | |
| 2.66.1 | 0 / 1 | |
| 2.66.0 | 0 / 1 | |
| 2.65.0 | 0 / 1 | |
| 2.64.0 | 0 / 1 | |
| 2.63.0 | 0 / 1 | |
| 2.62.0 | 0 / 1 | |
| 2.61.0 | 0 / 1 | |
| 2.60.0 | 0 / 1 | |
| 2.59.0 | 0 / 1 | |
| 2.58.0 | 0 / 1 | |
| 2.57.0 | 0 / 1 | |
| 2.56.0 | 0 / 1 | |
| 2.55.0 | 0 / 1 | |
| 2.54.3 | 0 / 1 | |
| 2.54.2 | 0 / 1 | |
| 2.54.1 | 0 / 1 | |
| 2.54.0 | 0 / 1 | |
| 2.53.0 | 0 / 1 | |
| 2.52.2 | 0 / 1 | |
| 2.52.1 | 0 / 1 | |
| 2.52.0 | 0 / 1 | |
| 2.51.0 | 0 / 1 | |
| 2.50.0 | 0 / 1 | |
| 2.49.0 | 0 / 1 | |
| 2.48.5 | 0 / 1 | |
| 2.48.4 | 0 / 1 | |
| 2.48.1 | 0 / 1 | |
| 2.48.0 | 0 / 1 | |
| 2.47.0 | 0 / 1 |
v2.88.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.88.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.88.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.88.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.87.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.86.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.85.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.84.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.83.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.82.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.81.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.80.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.79.0
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.78.1
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.78.0
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.77.0
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.73.0
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.70.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.69.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.68.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.67.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.66.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.66.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.66.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.65.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.64.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.63.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.62.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.61.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.60.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.59.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.58.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.57.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.56.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.55.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.