@tre-regex/regex-linux-x64-musl
TreRegex provides a high-performance Node interface to the TRE C library. It brings robust approximate (fuzzy) regular expression matching to Node, featuring multi-byte Unicode string safety, and granular error limits
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| npm-metadata | bundled-binaries | AI (npm-metadata): Platform-specific native binding shard; .node binary is the package's sole purpose, published with SLSA provenance. | ai | |
| bogus-package | bogus-package | AI (bogus-package): No-dep, sparse-README pattern is standard for platform-specific optionalDependency shards. | ai |
v0.3.1
2 findingsPackage contains compiled binaries that could be backdoors: • tre-regex.linux-x64-musl.node
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.3.0
2 findingsPackage contains compiled binaries that could be backdoors: • tre-regex.linux-x64-musl.node
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.1
2 findingsPackage contains compiled binaries that could be backdoors: • tre-regex.linux-x64-musl.node
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.0
2 findingsPackage contains compiled binaries that could be backdoors: • tre-regex.linux-x64-musl.node
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.