@thi.ng/pixel
Typedarray integer & float pixel buffers w/ customizable formats, blitting, drawing, convolution
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:new-function-constructor | AI (semgrep): Used for internal pixel format codegen with fixed template strings; not user-controlled input. | ai | |
| dependencies | unvetted-dep:@thi.ng/api | AI (dependencies): Sibling thi.ng/umbrella monorepo package from same trusted publisher. | ai | |
| dependencies | unvetted-dep:@thi.ng/math | AI (dependencies): Sibling thi.ng/umbrella monorepo package from same trusted publisher. | ai | |
| dependencies | unvetted-dep:@thi.ng/porter-duff | AI (dependencies): Sibling thi.ng/umbrella monorepo package from same trusted publisher. | ai |
Versions (showing 33 of 33)
| Version | Deps | Published |
|---|---|---|
| 7.5.35 | 6 / 3 | |
| 7.5.34 | 6 / 3 | |
| 7.5.33 | 6 / 3 | |
| 7.5.31 | 6 / 3 | |
| 7.5.30 | 6 / 3 | |
| 7.5.29 | 6 / 3 | |
| 7.5.28 | 6 / 3 | |
| 7.5.27 | 6 / 3 | |
| 7.5.26 | 6 / 3 | |
| 7.5.25 | 6 / 3 | |
| 7.5.24 | 6 / 3 | |
| 7.5.23 | 6 / 3 | |
| 7.5.22 | 6 / 3 | |
| 7.5.21 | 6 / 3 | |
| 7.5.20 | 6 / 3 | |
| 7.5.19 | 6 / 3 | |
| 7.5.18 | 6 / 3 | |
| 7.5.17 | 6 / 3 | |
| 7.5.16 | 6 / 3 | |
| 7.5.15 | 6 / 3 | |
| 7.5.14 | 6 / 3 | |
| 7.5.10 | 6 / 3 | |
| 7.5.9 | 6 / 3 | |
| 7.5.8 | 6 / 3 | |
| 7.5.7 | 6 / 3 | |
| 7.5.6 | 6 / 3 | |
| 7.5.5 | 6 / 3 | |
| 7.5.4 | 6 / 3 | |
| 7.5.3 | 6 / 3 | |
| 7.5.2 | 6 / 3 | |
| 7.5.1 | 6 / 4 | |
| 7.5.0 | 6 / 4 | |
| 7.4.5 | 6 / 4 |
v7.5.35
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.5.34
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.5.33
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.5.31
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.5.30
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.5.29
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.5.26
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.5.25
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.5.24
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.5.23
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.5.22
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.5.21
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.5.20
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.5.19
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.5.18
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.5.17
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.5.16
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v7.5.15
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.5.14
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.5.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.5.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.5.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.5.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.5.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.5.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.5.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.5.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.5.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.5.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.5.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v7.4.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.