@prairielearn/bind-mount
This package allows for the creation and removal of bind mounts via native bindings to the [`mount()`](https://man7.org/linux/man-pages/man2/mount.2.html) and [`umount()`](https://man7.org/linux/man-pages/man2/umount.2.html) Linux system calls. These bind
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| install-scripts | install-script:install | AI (install-scripts): node-gyp rebuild is the standard native addon compile step; stable for this package. | ai | |
| phantom-deps | phantom-dep:nan | AI (phantom-deps): nan is a native addon build-time dependency used via binding.gyp, not directly imported in JS. | ai | |
| phantom-deps | phantom-dep:node-gyp | AI (phantom-deps): node-gyp is a known implicit build tool dependency, not directly imported in JS. | ai |
v2.0.3
2 findingsScript: node-gyp rebuild
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.0.0
2 findingsScript: node-gyp rebuild
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.16
2 findingsScript: node-gyp rebuild
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.14
2 findingsScript: node-gyp rebuild
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.