@livekit/rtc-ffi-bindings
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:child-process-import | AI (semgrep): Used solely for musl detection via ldd --version; standard napi-rs binary selection pattern. | ai | |
| semgrep | semgrep:child-process-execsync | AI (semgrep): Hardcoded ldd --version call for musl detection; no user-controlled input, stable pattern for this package. | ai | |
| semgrep | semgrep:dynamic-require | AI (semgrep): Loads NAPI_RS_NATIVE_LIBRARY_PATH env var; documented napi-rs override mechanism for native bindings. | ai | |
Versions (showing 16 of 16)
| Version | Deps | Published |
|---|---|---|
| 0.12.62 | 1 / 5 | |
| 0.12.61 | 1 / 5 | |
| 0.12.60 | 1 / 5 | |
| 0.12.59 | 1 / 5 | |
| 0.12.58 | 1 / 5 | |
| 0.12.57 | 1 / 5 | |
| 0.12.56 | 1 / 5 | |
| 0.12.55 | 1 / 5 | |
| 0.12.54 | 1 / 5 | |
| 0.12.53 | 1 / 5 | |
| 0.12.52 | 1 / 5 | |
| 0.12.51 | 1 / 5 | |
| 0.12.50 | 1 / 5 | |
| 0.12.49 | 1 / 5 | |
| 0.12.48 | 1 / 5 | |
| 0.12.45 | 1 / 5 | |
v0.12.62
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.61
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.60
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.59
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.58
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.57
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.56
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.55
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.54
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.53
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.52
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.51
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.50
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.49
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.48
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.45
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.