@risuko/risuko-js MIT 10 versions

@risuko/risuko-js

npm Repository Homepage

Risuko download engine — Node.js native bindings for multi-protocol downloads (HTTP, BitTorrent, ED2K, M3U8, FTP/SFTP)

10

Versions

MIT

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

yuemiyuki

Keywords

downloadtorrentbittorrented2km3u8ftpdownload-manager

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
semgrep	semgrep:dynamic-require	AI (semgrep): NAPI platform-binding loader pattern; packageName is a platform-specific optional dep, not user-controlled input.	ai	2026/04/28

Versions (showing 10 of 10)

Version	Deps	Published
0.3.1	0 / 0	2026-05-23
0.3.0	0 / 0	2026-05-12
0.2.0	0 / 0	2026-04-26
0.1.10	0 / 0	2026-04-23
0.1.9	0 / 0	2026-04-19
0.1.8	0 / 0	2026-04-18
0.1.7	0 / 0	2026-04-17
0.1.6	0 / 0	2026-04-17
0.1.5	0 / 0	2026-04-16
0.1.4	0 / 0	2026-04-15

v0.3.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.10

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.9

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.8

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.7

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.6

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.5

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.4

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.