← Home

blind-relay

npm Repository Homepage

Blind relay for UDX over Protomux channels

3
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

mafintosh

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
dependencies unvetted-dep:b4a AI (dependencies): b4a is a well-known Holepunch/hypercore-protocol utility; stable false positive for this package. ai
dependencies unvetted-dep:streamx AI (dependencies): streamx is a well-known Holepunch streaming library; stable false positive for this package. ai
phantom-deps phantom-dep:bare-events AI (phantom-deps): bare-events is declared via package.json imports map for Bare runtime; not a direct import but legitimately used. ai

Versions (showing 3 of 3)

Version Deps Published
1.6.1 8 / 6
1.6.0 8 / 6
1.5.0 8 / 6

v1.6.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.6.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.