bigint-buffer
bigint to buffer conversion with native support
0
Versions
Apache-2.0
License
Yes
Install Scripts
Missing
Provenance
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
gitHead linked
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
no2chem
Keywords
bigintbignumtc39-bigintnapi
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| install-scripts | install-script:install | AI (install-scripts): Install script runs node-gyp rebuild for native N-API bindings with graceful fallback — standard pattern for this native addon package. | ai | |
| semgrep | semgrep:hex-decode | AI (semgrep): All hex-decode findings are in benchmark/test files using literal hex strings like 'deadbeef' for test data, not obfuscated payloads. | ai | |
| semgrep | semgrep:dynamic-require | AI (semgrep): Dynamic require is in a test spec file loading the built dist directory — not production code, no arbitrary module loading risk. | ai |
Versions (showing 0 of 0)
| Version | Deps | Published |
|---|