@kreuzberg/kreuzcrawl
1
Versions
Elastic-2.0
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
gitHead linked
Maintainers
nhirschfeld
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| npm-metadata | bundled-binaries | AI (npm-metadata): NAPI-RS native binding package; .node files are the expected build output, published with SLSA provenance. | ai | |
| semgrep | semgrep:child-process-execsync | AI (semgrep): execSync('ldd --version') is the standard napi-rs musl detection pattern; not arbitrary command execution. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): child_process used only for ldd musl detection; stable pattern for this native binding loader. | ai | |
| semgrep | semgrep:dynamic-require | AI (semgrep): Dynamic require resolves NAPI_RS_NATIVE_LIBRARY_PATH, a documented napi-rs override env var. | ai |
Versions (showing 1 of 1)
| Version | Deps | Published |
|---|---|---|
| 0.2.0 | 0 / 1 |