
@jitsi/robotjs

5
Versions
License
Yes
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation, npm registry signatures, gitHead linked

Maintainers

hristoterezov, yanas, jitsiorg, saghul, mihhu, jallamsetty, andrei.gavrilescu, damencho, calinteodor

Keywords

Automation, GUI, mouse, keyboard, screenshot, image, pixel, desktop, robotjs, screen, recognition, autohotkey, machine, learning, color

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
install-scripts | install-script:install | AI (install-scripts): node-gyp-build is the canonical prebuilt-binary loader for native addons; stable pattern for this package. | ai |
npm-metadata | bundled-binaries | AI (npm-metadata): Prebuilt .node binaries are expected for this native addon; SLSA provenance attestation confirms CI/CD build integrity. | ai |
phantom-deps | phantom-dep:node-addon-api | AI (phantom-deps): node-addon-api is a build-time C++ header dependency referenced in binding.gyp, not a JS import; stable false positive. | ai |

Versions (showing 5 of 5)

Version Deps Published
0.6.22 2 / 5
0.6.21 2 / 5
0.6.20 2 / 5
0.6.18 2 / 5
0.6.17 2 / 5

v0.6.22

3 findings
HIGH Package has 'install' script install-scripts

Script: node-gyp-build

HIGH Bundled binary files (5) npm-metadata

Package contains compiled binaries that could be backdoors:
• prebuilds/linux-arm64/@jitsi+robotjs.node
• prebuilds/linux-x64/@jitsi+robotjs.node
• prebuilds/win32-arm64/@jitsi+robotjs.node
• prebuilds/win32-ia32/@jitsi+robotjs.node
• prebuilds/win32-x64/@jitsi+robotjs.node

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.21

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.20

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.18

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.17

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.