@rolldown/binding-freebsd-x64
Fast JavaScript/TypeScript bundler in Rust with Rollup-compatible API.
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Moved from rolldownbot to GitHub Actions CI; SLSA provenance present. Stable for this org. | ai | |
| npm-metadata | bundled-binaries | AI (npm-metadata): This package exists to distribute a prebuilt native .node binary for rolldown on FreeBSD x64; bundled binary is its entire purpose. | ai | |
| bogus-package | bogus-package | AI (bogus-package): No deps and short README are standard for platform-specific native binary distribution packages. | ai |
Versions (showing 12 of 12)
| Version | Deps | Published |
|---|---|---|
| 1.1.0 | 0 / 0 | |
| 1.0.3 | 0 / 0 | |
| 1.0.2 | 0 / 0 | |
| 1.0.1 | 0 / 0 | |
| 1.0.0 | 0 / 0 | |
| 0.15.1 | 0 / 0 | |
| 0.15.0 | 0 / 0 | |
| 0.14.0 | 0 / 0 | |
| 0.13.2 | 0 / 0 | |
| 0.13.1 | 0 / 0 | |
| 0.13.0 | 0 / 0 | |
| 0.12.2 | 0 / 0 |
v1.1.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.0.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.0.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.0.1
2 findingsThis version was published by a different npm account than previous versions on 2026-05-13. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.0.0
2 findingsThis version was published by a different npm account than previous versions on 2026-05-07. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.15.1
2 findingsPackage contains compiled binaries that could be backdoors: • rolldown-binding.freebsd-x64.node
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.15.0
2 findingsPackage contains compiled binaries that could be backdoors: • rolldown-binding.freebsd-x64.node
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.14.0
2 findingsPackage contains compiled binaries that could be backdoors: • rolldown-binding.freebsd-x64.node
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.1
2 findingsPackage contains compiled binaries that could be backdoors: • rolldown-binding.freebsd-x64.node
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.13.0
2 findingsPackage contains compiled binaries that could be backdoors: • rolldown-binding.freebsd-x64.node
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.12.2
2 findingsPackage contains compiled binaries that could be backdoors: • rolldown-binding.freebsd-x64.node
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.