@php-wasm/node-7-4 GPL-2.0-or-later 20 versions

@php-wasm/node-7-4

npm Repository Homepage

PHP 7.4 WebAssembly binaries for node

20

Versions

GPL-2.0-or-later

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

bgrgicakadamzielbrandonpayton-a8csejasdanielbachhuberyannickdecatjanjakesakirk

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
semgrep	semgrep:eval-usage	AI (semgrep): eval() is in Emscripten-generated WASM glue code for dynamic ASM_CONSTS registration; stable pattern for this package.	ai	2026/04/29
semgrep	semgrep:child-process-import	AI (semgrep): child_process used in WASM glue to implement PHP system() via spawnSync; expected in Emscripten Node.js builds.	ai	2026/04/29
phantom-deps	phantom-dep:ini	AI (phantom-deps): ini is a runtime dep used via config files, not direct import; stable false positive for this package.	ai	2026/04/29
phantom-deps	phantom-dep:@php-wasm/universal	AI (phantom-deps): Same-org sibling dep; phantom-dep heuristic is a false positive here.	ai	2026/04/29

Versions (showing 20 of 20)

Version	Deps	Published
3.1.36	2 / 0	2026-06-01
3.1.35	2 / 0	2026-05-25
3.1.34	2 / 0	2026-05-18
3.1.33	2 / 0	2026-05-14
3.1.32	2 / 0	2026-05-14
3.1.31	2 / 0	2026-05-14
3.1.30	2 / 0	2026-05-11
3.1.29	2 / 0	2026-05-07
3.1.28	5 / 0	2026-05-05
3.1.27	5 / 0	2026-05-04
3.1.26	5 / 0	2026-05-03
3.1.25	4 / 0	2026-05-03
3.1.22	4 / 0	2026-05-01
3.1.21	4 / 0	2026-04-27
3.1.20	4 / 0	2026-04-16
3.1.19	4 / 0	2026-04-13
3.1.18	4 / 0	2026-04-07
3.1.16	4 / 0	2026-04-06
3.1.15	4 / 0	2026-03-31
3.1.14	4 / 0	2026-03-30

v3.1.36

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.35

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.34

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.33

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.32

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.31

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.30

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.29

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.28

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.27

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.26

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.25

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.22

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.20

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.19

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.18

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.16

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.15

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.1.14

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.