@opendal/lib-win32-arm64-msvc Apache-2.0 2 versions

@opendal/lib-win32-arm64-msvc

npm Repository Homepage

Apache OpenDAL: One Layer, All Storage.

Versions

Apache-2.0

License

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

xuanwovp-brand-asftheasfkingsword09suyanhanx

apifsfile systemgcsghachttpipmfsmemoryobsosss3storagewebdavwebhdfs

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
npm-metadata	bundled-binaries	AI (npm-metadata): Platform-specific native Node.js binding for Apache OpenDAL; .node binary is the expected deliverable with SLSA provenance.	ai	2026/05/05
bogus-package	bogus-package	AI (bogus-package): Platform-specific binary sub-package; no deps or detailed README is normal for this pattern.	ai	2026/05/05

Version	Deps	Published
0.49.4	0 / 0	2026-06-01
0.49.3	0 / 0	2026-04-30

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

2 findings

HIGH Bundled binary files (1) npm-metadata

Package contains compiled binaries that could be backdoors: • opendal.win32-arm64-msvc.node

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.