@realtimex/node-llama-cpp-linux-x64-cuda-ext
Extension of @realtimex/linux-x64-cuda - prebuilt binary for node-llama-cpp for Linux x64 with CUDA support
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | new-deps-added | AI (publish-pattern): New chunk deps follow the established same-org chunked binary pattern; adding chunk-06 is consistent with binary growth across versions. | ai | |
| phantom-deps | phantom-dep:@realtimex/node-llama-cpp-linux-x64-cuda-ext-chunk-01 | AI (phantom-deps): Chunk packages are consumed by the assembler script at install time, not via static JS imports. False positive for this chunked-binary pattern. | ai | |
| phantom-deps | phantom-dep:@realtimex/node-llama-cpp-linux-x64-cuda-ext-chunk-02 | AI (phantom-deps): Chunk packages are consumed by the assembler script at install time, not via static JS imports. False positive for this chunked-binary pattern. | ai | |
| phantom-deps | phantom-dep:@realtimex/node-llama-cpp-linux-x64-cuda-ext-chunk-03 | AI (phantom-deps): Chunk packages are consumed by the assembler script at install time, not via static JS imports. False positive for this chunked-binary pattern. | ai | |
| install-scripts | install-script:postinstall | AI (install-scripts): Postinstall assembles chunked prebuilt CUDA binaries from same-scope chunk packages. Standard pattern for large native binaries exceeding npm size limits; backed by SLSA provenance. | ai | |
| phantom-deps | phantom-dep:@realtimex/node-llama-cpp-linux-x64-cuda-ext-chunk-05 | AI (phantom-deps): Chunk packages are consumed by the assembler script at install time, not via static JS imports. False positive for this chunked-binary pattern. | ai | |
| phantom-deps | phantom-dep:@realtimex/node-llama-cpp-linux-x64-cuda-ext-chunk-06 | AI (phantom-deps): Chunk packages are consumed by the assembler script at install time, not via static JS imports. False positive for this chunked-binary pattern. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Platform-specific binary sub-package; minimal README and no keywords are expected for this type of distribution artifact. | ai | |
| phantom-deps | phantom-dep:@realtimex/node-llama-cpp-linux-x64-cuda-ext-chunk-04 | AI (phantom-deps): Chunk packages are consumed by the assembler script at install time, not via static JS imports. False positive for this chunked-binary pattern. | ai |
Versions (showing 14 of 114)
| Version | Deps | Published |
|---|---|---|
| 0.20.0 | 6 / 0 | |
| 0.18.0 | 6 / 0 | |
| 0.15.0 | 6 / 0 | |
| 0.13.0 | 6 / 0 | |
| 0.12.0 | 6 / 0 | |
| 0.11.0 | 6 / 0 | |
| 0.9.0 | 6 / 0 | |
| 0.8.0 | 6 / 0 | |
| 0.7.0 | 6 / 0 | |
| 0.6.0 | 6 / 0 | |
| 0.5.0 | 6 / 0 | |
| 0.4.0 | 6 / 0 | |
| 0.3.1 | 6 / 0 | |
| 0.3.0 | 6 / 0 |
v0.20.0
2 findingsScript: node ./dist/index.js --assemble
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.18.0
2 findingsScript: node ./dist/index.js --assemble
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.15.0
2 findingsScript: node ./dist/index.js --assemble
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.0
2 findingsScript: node ./dist/index.js --assemble
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.0
2 findingsScript: node ./dist/index.js --assemble
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.11.0
2 findingsScript: node ./dist/index.js --assemble
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.9.0
2 findingsScript: node ./dist/index.js --assemble
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.0
2 findingsScript: node ./dist/index.js --assemble
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.0
2 findingsScript: node ./dist/index.js --assemble
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.0
2 findingsScript: node ./dist/index.js --assemble
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.0
2 findingsScript: node ./dist/index.js --assemble
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.0
2 findingsScript: node ./dist/index.js --assemble
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.1
2 findingsScript: node ./dist/index.js --assemble
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.0
2 findingsScript: node ./dist/index.js --assemble
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.