@kreuzberg/liter-llm-native
Native NAPI-RS bindings for liter-llm — high-performance LLM client powered by Rust
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| npm-metadata | bundled-binaries | AI (npm-metadata): NAPI-RS Rust binding; platform-specific .node files are the expected build output, confirmed by SLSA provenance attestation. | ai |
v1.2.2
2 findingsPackage contains compiled binaries that could be backdoors: • liter-llm-node.darwin-arm64.node • liter-llm-node.linux-arm64-gnu.node • liter-llm-node.linux-x64-gnu.node • liter-llm-node.win32-x64-msvc.node
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.2.1
2 findingsPackage contains compiled binaries that could be backdoors: • liter-llm-node.darwin-arm64.node • liter-llm-node.linux-arm64-gnu.node • liter-llm-node.linux-x64-gnu.node • liter-llm-node.win32-x64-msvc.node
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.2.0
2 findingsPackage contains compiled binaries that could be backdoors: • liter-llm-node.darwin-arm64.node • liter-llm-node.linux-arm64-gnu.node • liter-llm-node.linux-x64-gnu.node • liter-llm-node.win32-x64-msvc.node
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.