← Home

fd-slicer

safely create multiple ReadStream or WriteStream objects from the same file descriptor

12
Versions
MIT
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

superjoethejoshwolfe

Keywords

createReadStreamcreateWriteStream

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
provenance publisher-changed AI (provenance): thejoshwolfe is a well-established npm contributor (74 approved packages) with direct ecosystem ties to fd-slicer; transition from superjoe is consistent with a legitimate handoff. ai
publish-pattern dormant-publish AI (publish-pattern): Dormancy is expected for a stable low-level utility; no code changes or new scripts introduced, ruling out account takeover exploitation. ai

Versions (showing 12 of 12)

Version Deps Published
1.1.0 1 / 4
1.0.1 1 / 4
1.0.0 1 / 4
0.4.0 1 / 2
0.3.2 1 / 2
0.3.1 1 / 2
0.3.0 1 / 2
0.2.1 1 / 2
0.2.0 1 / 2
0.1.0 1 / 2
0.0.2 1 / 2
0.0.1 1 / 2