@napi-rs/nice-openharmony-arm64 MIT 2 versions

@napi-rs/nice-openharmony-arm64

npm Repository Homepage

https://linux.die.net/man/2/nice binding for Node.js

Versions

MIT

License

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

broooooklynforehalo

napi-rsNAPIN-APIRustnode-addonnode-addon-apinice

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
npm-metadata	bundled-binaries	AI (npm-metadata): Standard napi-rs platform binary package; .node file is the intended artifact, backed by SLSA provenance.	ai	2026/05/19
bogus-package	bogus-package	AI (bogus-package): Platform-specific optional dep packages in napi-rs ecosystem have no deps and minimal READMEs by design.	ai	2026/05/19

Version	Deps	Published
1.1.1	0 / 0	2025-08-14
1.0.4	0 / 0	2025-08-13

2 findings

HIGH Bundled binary files (1) npm-metadata

Package contains compiled binaries that could be backdoors: • nice.openharmony-arm64.node

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.