@tre-regex/regex
TreRegex provides a high-performance Node interface to the TRE C library. It brings robust approximate (fuzzy) regular expression matching to Node, featuring multi-byte Unicode string safety, and granular error limits
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| typosquat | typosquat.levenshtein:redux | AI (typosquat): Scoped package @tre-regex/regex; no relation to redux. Levenshtein match is coincidental. | ai | |
| semgrep | semgrep:child-process-execsync | AI (semgrep): Standard napi-rs musl detection pattern; runs 'ldd --version' only, not user-controlled input. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): Same musl detection use case; benign and stable for this native binding package. | ai | |
| semgrep | semgrep:dynamic-require | AI (semgrep): napi-rs canonical NAPI_RS_NATIVE_LIBRARY_PATH override; documented pattern for native bindings. | ai |
Versions (showing 5 of 5)
| Version | Deps | Published |
|---|---|---|
| 0.3.1 | 0 / 15 | |
| 0.3.0 | 0 / 15 | |
| 0.2.1 | 0 / 15 | |
| 0.2.0 | 0 / 15 | |
| 0.1.0 | 0 / 15 |
v0.3.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.