domparser-rs
A super fast html parser and manipulator written in rust.
9
Versions
MIT
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
gitHead linked
Maintainers
xusd320
Keywords
htmlparserjqueryselectorscraperparserdomhtmlrustnapi
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:child-process-import | AI (semgrep): napi-rs standard pattern: child_process used only to run 'ldd --version' to detect musl libc. Fixed command, no user input, benign for this native binding package. | ai | |
| semgrep | semgrep:child-process-execsync | AI (semgrep): execSync('ldd --version') is napi-rs boilerplate for musl detection. Fixed safe command, not a security risk for this native binding package. | ai | |
| semgrep | semgrep:dynamic-require | AI (semgrep): Dynamic require of NAPI_RS_NATIVE_LIBRARY_PATH is documented napi-rs behavior for overriding native binary path. Standard pattern for this package type. | ai | |
| semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): Reflect.get() used in a Proxy trap handler for transparent property forwarding — idiomatic JavaScript, not obfuscation. Stable false positive for this package. | ai |
Versions (showing 9 of 9)
| Version | Deps | Published |
|---|---|---|
| 0.1.1 | 0 / 7 | |
| 0.1.0 | 0 / 7 | |
| 0.0.7 | 0 / 7 | |
| 0.0.6 | 0 / 7 | |
| 0.0.5 | 0 / 7 | |
| 0.0.4 | 0 / 7 | |
| 0.0.3 | 0 / 7 | |
| 0.0.2 | 0 / 7 | |
| 0.0.1 | 0 / 7 |
v0.1.1
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.