@sentio/runtime
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | net-exec-file:lib/chunk-3DTPHRJ2.js | AI (source-diff): Bundled tsup output; samples show standard library code (protobuf, base64, event emitter), not malware. | ai | |
| source-diff | net-exec-file:lib/chunk-LK4RU6UR.js | AI (source-diff): Bundled tsup output; samples show graceful-fs and fs-extra wrappers, not dropper/loader malware. | ai | |
| source-diff | net-exec-file:lib/chunk-WUUWUOFG.js | AI (source-diff): Bundled library code (graceful-fs, fs-extra wrappers); no actual dropper payload present in samples. | ai | |
| publish-pattern | rapid-publish | AI (publish-pattern): CI/CD pipeline publishing multiple packages in sequence; consistent with automated release workflow. | ai | |
| provenance | publisher-changed | AI (provenance): Legitimate migration to GitHub Actions CI/CD publishing; SLSA provenance attestation confirms integrity. | ai | |
| source-diff | net-exec-file:lib/chunk-TBN64DSW.js | AI (source-diff): Bundled library code (protobuf/base64/event-emitter); no actual dropper payload present in samples. | ai | |
| semgrep | semgrep:env-spread | AI (semgrep): process.env spread into child fork options is standard Node.js subprocess pattern for this processor runner. | ai | |
| phantom-deps | phantom-dep:piscina | AI (phantom-deps): piscina is declared as a runtime dependency in package.json; phantom-dep heuristic is a false positive here. | ai |
Versions (showing 8 of 8)
| Version | Deps | Published |
|---|---|---|
| 3.8.1 | 1 / 2 | |
| 3.8.0 | 1 / 2 | |
| 3.7.0 | 1 / 2 | |
| 3.6.2 | 1 / 2 | |
| 3.6.1 | 1 / 2 | |
| 3.6.0 | 1 / 2 | |
| 3.5.0 | 1 / 2 | |
| 2.63.0 | 1 / 2 |
v3.8.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.8.0
4 findingsThis version was published by a different npm account than previous versions on 2026-06-03. This could indicate a legitimate maintainer transition or an account compromise.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.7.0
2 findingsSpreading entire process.env into an object — may capture all secrets 285 | 286 | const child = fork(fileURLToPath(import.meta.url), childArgs, { > 287 | env: { 288 | ...process.env, 289 | IS_CHILD: 'true'
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.6.2
3 findingsSpreading entire process.env into an object — may capture all secrets 76 | `),this._exit(0,"commander.version",e)}),this}description(e,o){return e===void 0&&o===void 0?this._description:(this._de 77 | Expecting one of '${a.join("', '")}'`);let s=`${e}Help`;return this.on(s,u=>{let r;typeof o=="function"?r=o({error:u.err > 78 | `)}),this}_outputHelpIfRequested(e){let o=this._getHelpOption();o&&e.find(s=>o.is(s))&&(this.outputHelp(),this._exit(0," 79 | /*! Bundled license information: 80 |
Spreading entire process.env into an object — may capture all secrets 285 | 286 | const child = fork(fileURLToPath(import.meta.url), childArgs, { > 287 | env: { 288 | ...process.env, 289 | IS_CHILD: 'true'
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.6.1
2 findingsSpreading entire process.env into an object — may capture all secrets 285 | 286 | const child = fork(fileURLToPath(import.meta.url), childArgs, { > 287 | env: { 288 | ...process.env, 289 | IS_CHILD: 'true'
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.6.0
2 findingsSpreading entire process.env into an object — may capture all secrets 285 | 286 | const child = fork(fileURLToPath(import.meta.url), childArgs, { > 287 | env: { 288 | ...process.env, 289 | IS_CHILD: 'true'
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.5.0
3 findingsSpreading entire process.env into an object — may capture all secrets 76 | `),this._exit(0,"commander.version",e)}),this}description(e,o){return e===void 0&&o===void 0?this._description:(this._de 77 | Expecting one of '${a.join("', '")}'`);let s=`${e}Help`;return this.on(s,u=>{let r;typeof o=="function"?r=o({error:u.err > 78 | `)}),this}_outputHelpIfRequested(e){let o=this._getHelpOption();o&&e.find(s=>o.is(s))&&(this.outputHelp(),this._exit(0," 79 | /*! Bundled license information: 80 |
Spreading entire process.env into an object — may capture all secrets 285 | 286 | const child = fork(fileURLToPath(import.meta.url), childArgs, { > 287 | env: { 288 | ...process.env, 289 | IS_CHILD: 'true'
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.63.0
4 findingsThis version was published by a different npm account than previous versions on 2026-06-03. This could indicate a legitimate maintainer transition or an account compromise.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.