← Home

@php-wasm/compile-extension

npm Repository Homepage

Build PHP.wasm extension side modules across PHP versions

13
Versions
GPL-2.0-or-later
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

bgrgicakadamzielbrandonpayton-a8csejasdanielbachhuberyannickdecatjanjakesakirk

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
phantom-deps phantom-dep:fs-ext-extra-prebuilt AI (phantom-deps): Platform-specific binary package; stable pattern for build tools. ai
phantom-deps phantom-dep:@php-wasm/universal AI (phantom-deps): Same-org scoped dependency; stable pattern for monorepo. ai
phantom-deps phantom-dep:wasm-feature-detect AI (phantom-deps): Config-referenced dependency; stable pattern for build tools. ai
phantom-deps phantom-dep:ws AI (phantom-deps): Config-referenced dependency; stable pattern for build tools. ai
phantom-deps phantom-dep:ajv AI (phantom-deps): Config-referenced dependency; stable pattern for build tools. ai
phantom-deps phantom-dep:ini AI (phantom-deps): Config-referenced dependency; stable pattern for build tools. ai
phantom-deps phantom-dep:yargs AI (phantom-deps): Config-referenced dependency; stable pattern for build tools. ai
phantom-deps phantom-dep:express AI (phantom-deps): Config-referenced dependency; stable pattern for build tools. ai
phantom-deps phantom-dep:jsonc-parser AI (phantom-deps): Config-referenced dependency; stable pattern for build tools. ai
phantom-deps phantom-dep:@php-wasm/node AI (phantom-deps): Same-org scoped dependency; stable pattern for monorepo. ai
phantom-deps phantom-dep:fast-xml-parser AI (phantom-deps): Config-referenced dependency; stable pattern for build tools. ai
bogus-package bogus-package AI (bogus-package): Intentional namespace placeholder for WordPress Playground; sparse content is expected. ai
npm-metadata suspicious-initial-version AI (npm-metadata): Explicitly declared placeholder package from a trusted publisher; 0.0.0 is intentional. ai

Versions (showing 13 of 13)

Version Deps Published
3.1.36 2 / 0
3.1.35 2 / 0
3.1.34 2 / 0
3.1.33 2 / 0
3.1.32 2 / 0
3.1.31 2 / 0
3.1.30 2 / 0
3.1.29 2 / 0
3.1.28 12 / 0
3.1.27 11 / 0
3.1.26 11 / 0
3.1.25 10 / 0
0.0.0 0 / 0

v3.1.36

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.35

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.34

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.33

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.32

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.31

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.30

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.29

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.28

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.27

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.26

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.25

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.