@tre-regex/regex-linux-arm64-gnu
TreRegex provides a high-performance Node interface to the TRE C library. It brings robust approximate (fuzzy) regular expression matching to Node, featuring multi-byte Unicode string safety, and granular error limits
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| npm-metadata | bundled-binaries | AI (npm-metadata): Platform-specific native binding; .node binary is the intended deliverable, validated by SLSA provenance. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Native binding sub-packages legitimately have no deps and minimal READMEs. | ai |
v0.3.1
2 findingsPackage contains compiled binaries that could be backdoors: • tre-regex.linux-arm64-gnu.node
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.0
2 findingsPackage contains compiled binaries that could be backdoors: • tre-regex.linux-arm64-gnu.node
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.1
2 findingsPackage contains compiled binaries that could be backdoors: • tre-regex.linux-arm64-gnu.node
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.0
2 findingsPackage contains compiled binaries that could be backdoors: • tre-regex.linux-arm64-gnu.node
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.