← Home

@uruhalushia/sysproxy

npm Repository Homepage

跨平台系统代理设置工具 Node.js 原生绑定

4
Versions
GPL-3.0-only
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

xishang0128

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
semgrep semgrep:child-process-import AI (semgrep): napi-rs musl detection pattern; execSync runs fixed 'ldd --version' string, not user input. ai
semgrep semgrep:child-process-execsync AI (semgrep): Fixed command string for musl detection; standard napi-rs loader pattern. ai
semgrep semgrep:dynamic-require AI (semgrep): Loads platform-specific prebuilt .node binary; standard napi-rs loader pattern. ai

Versions (showing 4 of 4)

Version Deps Published
0.2.7 0 / 1
0.2.6 0 / 1
0.2.5 0 / 1
0.2.4 0 / 1

v0.2.7

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.6

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.5

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.