@ropoctl/genai-node-win32-arm64-msvc MIT OR Apache-2.0 2 versions

@ropoctl/genai-node-win32-arm64-msvc

npm Repository Homepage

Node.js N-API bindings for rust-genai (win32-arm64-msvc)

Versions

MIT OR Apache-2.0

License

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

ropoctl

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
npm-metadata	bundled-binaries	AI (npm-metadata): Platform-specific N-API native binding; binary is expected and covered by SLSA provenance attestation.	ai	2026/05/06
npm-metadata	suspicious-initial-version	AI (npm-metadata): 0.0.0 is the documented bootstrap version for this platform-specific native binary package family.	ai	2026/05/06
bogus-package	bogus-package	AI (bogus-package): Intentional placeholder/bootstrap package for native binary distribution; empty payload is expected.	ai	2026/05/06

Version	Deps	Published
0.1.0	0 / 0	2026-04-30
0.0.0	0 / 0	2026-04-30

2 findings

HIGH Bundled binary files (1) npm-metadata

Package contains compiled binaries that could be backdoors: • index.node

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.