@mai0313/rust_template MIT 25 versions

@mai0313/rust_template

npm Repository Homepage

A production-ready Rust project template to bootstrap new projects fast. It includes a clean Cargo layout, Docker, and a complete CI/CD suite.

25

Versions

MIT

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

mai0313

Keywords

cliaicoding-assistanttelemetryclaudecodexgeminiusage-trackeranalytics

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Package publishes via GitHub Actions CI/CD with SLSA attestation; this is the expected publisher identity.	ai	2026/05/22
install-scripts	install-script:postinstall	AI (install-scripts): Documented prebuilt-binary fetch pattern using adm-zip/tar; consistent with a Rust CLI tool across all versions.	ai	2026/05/09
npm-metadata	bundled-binaries	AI (npm-metadata): Platform-specific Rust binaries are the intended distribution mechanism; SLSA provenance confirms CI/CD build.	ai	2026/04/28
semgrep	semgrep:child-process-import	AI (semgrep): child_process used to spawn the appropriate platform binary — standard launcher pattern for native CLI tools.	ai	2026/04/28

Versions (showing 25 of 25)

Version	Deps	Published
0.2.6	0 / 0	2026-05-21
0.2.5	0 / 0	2026-05-21
0.2.4	0 / 0	2026-05-11
0.2.3	0 / 0	2026-05-11
0.2.2	0 / 0	2026-05-01
0.2.1	0 / 0	2026-04-25
0.2.0	0 / 0	2026-04-25
0.1.39	0 / 0	2026-04-24
0.1.38	0 / 0	2026-04-24
0.1.37	0 / 0	2026-04-23
0.1.36	0 / 0	2026-03-04
0.1.35	0 / 0	2026-03-03
0.1.32	0 / 0	2025-10-25
0.1.31	0 / 0	2025-10-22
0.1.30	0 / 0	2025-10-19
0.1.29	0 / 0	2025-10-19
0.1.28	0 / 0	2025-10-13
0.1.27	0 / 0	2025-10-11
0.1.26	0 / 0	2025-10-09
0.1.25	0 / 0	2025-10-09
0.1.24	0 / 0	2025-10-08
0.1.23	0 / 0	2025-10-08
0.1.22	0 / 0	2025-10-08
0.1.21	0 / 0	2025-10-07
0.1.19	2 / 0	2025-10-07

v0.2.6

2 findings

HIGH Publisher changed: mai0313 → GitHub Actions (on 2026-05-21) provenance

This version was published by a different npm account than previous versions on 2026-05-21. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.1

2 findings

HIGH Bundled binary files (6) npm-metadata

Package contains compiled binaries that could be backdoors: • binaries/linux-arm64-gnu/rust_template • binaries/linux-x64-gnu/rust_template • binaries/macos-arm64/rust_template • binaries/macos-x64/rust_template • binaries/windows-arm64/rust_template.exe • binaries/windows-x64/rust_template.exe

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.39

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.38

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.37

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.36

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.35

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.32

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.31

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.30

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.29

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.28

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.27

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.26

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.25

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.24

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.23

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.22

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.21

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.19

2 findings

HIGH Package has 'postinstall' script install-scripts

Script: node install.js

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.