ffi-rs
A module written in Rust and N-API that provides interface (FFI) features for Node.js
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:ffi-rs-darwin-arm64 | AI (dependencies): Standard NAPI-RS platform binary optional dependency; this is the canonical distribution pattern for native Node.js addons. | ai | |
| dependencies | unvetted-dep:ffi-rs-linux-x64-gnu | AI (dependencies): Standard NAPI-RS platform binary optional dependency; this is the canonical distribution pattern for native Node.js addons. | ai | |
| dependencies | unvetted-dep:ffi-rs-win32-x64-msvc | AI (dependencies): Standard NAPI-RS platform binary optional dependency; this is the canonical distribution pattern for native Node.js addons. | ai | |
| dependencies | unvetted-dep:ffi-rs-linux-arm64-gnu | AI (dependencies): Standard NAPI-RS platform binary optional dependency; this is the canonical distribution pattern for native Node.js addons. | ai | |
| dependencies | unvetted-dep:ffi-rs-linux-arm64-musl | AI (dependencies): Standard NAPI-RS platform binary optional dependency; this is the canonical distribution pattern for native Node.js addons. | ai | |
| phantom-deps | phantom-dep:ffi-rs-darwin-x64 | AI (phantom-deps): Platform binary packages are loaded conditionally at runtime, not statically imported; phantom detection is a false positive for NAPI-RS packages. | ai | |
| phantom-deps | phantom-dep:ffi-rs-linux-arm64-musl | AI (phantom-deps): Platform binary packages are loaded conditionally at runtime, not statically imported; phantom detection is a false positive for NAPI-RS packages. | ai | |
| phantom-deps | phantom-dep:ffi-rs-linux-arm64-gnu | AI (phantom-deps): Platform binary packages are loaded conditionally at runtime, not statically imported; phantom detection is a false positive for NAPI-RS packages. | ai | |
| phantom-deps | phantom-dep:ffi-rs-win32-x64-msvc | AI (phantom-deps): Platform binary packages are loaded conditionally at runtime, not statically imported; phantom detection is a false positive for NAPI-RS packages. | ai | |
| phantom-deps | phantom-dep:ffi-rs-linux-x64-gnu | AI (phantom-deps): Platform binary packages are loaded conditionally at runtime, not statically imported; phantom detection is a false positive for NAPI-RS packages. | ai | |
| dependencies | unvetted-dep:ffi-rs-darwin-x64 | AI (dependencies): Standard NAPI-RS platform binary optional dependency; this is the canonical distribution pattern for native Node.js addons. | ai | |
| phantom-deps | phantom-dep:ffi-rs-darwin-arm64 | AI (phantom-deps): Platform binary packages are loaded conditionally at runtime, not statically imported; phantom detection is a false positive for NAPI-RS packages. | ai | |
| phantom-deps | phantom-dep:@yuuang/ffi-rs-linux-arm64-musl | AI (phantom-deps): Platform-specific binary dependency declared as optional; standard NAPI pattern for multi-platform native modules. | ai | |
| phantom-deps | phantom-dep:@yuuang/ffi-rs-darwin-x64 | AI (phantom-deps): Platform-specific binary dependency declared as optional; standard NAPI pattern for multi-platform native modules. | ai | |
| phantom-deps | phantom-dep:@yuuang/ffi-rs-darwin-arm64 | AI (phantom-deps): Platform-specific binary dependency declared as optional; standard NAPI pattern for multi-platform native modules. | ai | |
| phantom-deps | phantom-dep:@yuuang/ffi-rs-linux-x64-gnu | AI (phantom-deps): Platform-specific binary dependency declared as optional; standard NAPI pattern for multi-platform native modules. | ai | |
| phantom-deps | phantom-dep:@yuuang/ffi-rs-win32-x64-msvc | AI (phantom-deps): Platform-specific binary dependency declared as optional; standard NAPI pattern for multi-platform native modules. | ai | |
| phantom-deps | phantom-dep:@yuuang/ffi-rs-linux-arm64-gnu | AI (phantom-deps): Platform-specific binary dependency declared as optional; standard NAPI pattern for multi-platform native modules. | ai | |
| phantom-deps | phantom-dep:@napi-rs/cli | AI (phantom-deps): @napi-rs/cli is used in build scripts (artifacts, universal, version); phantom-dep is expected for build tooling. | ai | |
| phantom-deps | phantom-dep:shelljs | AI (phantom-deps): shelljs is used in build scripts; phantom-dep is expected for build-time tooling dependencies. | ai | |
| phantom-deps | phantom-dep:esno | AI (phantom-deps): esno is a legitimate build/test tool used in the 'test' script; phantom-dep is expected for build-time dependencies. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): child_process is used solely to run 'which ldd' for musl detection in N-API binary selection — a standard, benign pattern for native bindings. | ai | |
| semgrep | semgrep:child-process-execsync | AI (semgrep): execSync('which ldd') is used for musl libc detection to select the correct prebuilt binary. Hardcoded, non-user-controlled command with no security risk. | ai | |
Versions (showing 98 of 98)
| Version | Deps | Published |
|---|---|---|
| 1.3.2 | 0 / 8 | |
| 1.3.1 | 0 / 8 | |
| 1.3.0 | 0 / 8 | |
| 1.2.16 | 0 / 8 | |
| 1.2.15 | 0 / 8 | |
| 1.2.14 | 0 / 8 | |
| 1.2.13 | 0 / 8 | |
| 1.2.12 | 0 / 8 | |
| 1.2.11 | 0 / 8 | |
| 1.2.10 | 0 / 9 | |
| 1.2.9 | 0 / 9 | |
| 1.2.8 | 0 / 9 | |
| 1.2.6 | 0 / 9 | |
| 1.2.5 | 0 / 9 | |
| 1.2.4 | 0 / 9 | |
| 1.2.3 | 0 / 9 | |
| 1.2.2 | 0 / 9 | |
| 1.2.1 | 0 / 9 | |
| 1.2.0 | 0 / 9 | |
| 1.1.1 | 0 / 9 | |
| 1.1.0 | 0 / 9 | |
| 1.0.99 | 0 / 9 | |
| 1.0.98 | 0 / 9 | |
| 1.0.97 | 0 / 9 | |
| 1.0.96 | 0 / 9 | |
| 1.0.95 | 0 / 9 | |
| 1.0.94 | 0 / 9 | |
| 1.0.93 | 0 / 9 | |
| 1.0.91 | 0 / 9 | |
| 1.0.90 | 0 / 9 | |
| 1.0.89 | 0 / 9 | |
| 1.0.88 | 0 / 9 | |
| 1.0.87 | 0 / 9 | |
| 1.0.86 | 0 / 9 | |
| 1.0.85 | 0 / 9 | |
| 1.0.84 | 0 / 9 | |
| 1.0.83 | 0 / 9 | |
| 1.0.82 | 0 / 9 | |
| 1.0.81 | 0 / 9 | |
| 1.0.80 | 0 / 9 | |
| 1.0.79 | 0 / 9 | |
| 1.0.78 | 0 / 9 | |
| 1.0.77 | 0 / 9 | |
| 1.0.76 | 0 / 9 | |
| 1.0.75 | 0 / 9 | |
| 1.0.74 | 0 / 9 | |
| 1.0.73 | 0 / 9 | |
| 1.0.72 | 0 / 9 | |
| 1.0.71 | 0 / 9 | |
| 1.0.70 | 0 / 9 | |
| 1.0.69 | 0 / 9 | |
| 1.0.68 | 0 / 9 | |
| 1.0.67 | 0 / 9 | |
| 1.0.65 | 0 / 9 | |
| 1.0.64 | 0 / 8 | |
| 1.0.63 | 0 / 8 | |
| 1.0.62 | 0 / 7 | |
| 1.0.61 | 0 / 7 | |
| 1.0.60 | 0 / 7 | |
| 1.0.59 | 0 / 7 | |
| 1.0.58 | 0 / 7 | |
| 1.0.57 | 0 / 7 | |
| 1.0.56 | 0 / 7 | |
| 1.0.54 | 0 / 7 | |
| 1.0.53 | 0 / 7 | |
| 1.0.52 | 0 / 7 | |
| 1.0.50 | 0 / 7 | |
| 1.0.48 | 0 / 7 | |
| 1.0.47 | 3 / 4 | |
| 1.0.46 | 3 / 4 | |
| 1.0.45 | 3 / 4 | |
| 1.0.43 | 3 / 4 | |
| 1.0.41 | 3 / 4 | |
| 1.0.38 | 3 / 4 | |
| 1.0.37 | 3 / 4 | |
| 1.0.36 | 3 / 4 | |
| 1.0.35 | 3 / 4 | |
| 1.0.33 | 3 / 4 | |
| 1.0.32 | 3 / 4 | |
| 1.0.31 | 3 / 4 | |
| 1.0.30 | 3 / 4 | |
| 1.0.29 | 4 / 4 | |
| 1.0.28 | 4 / 4 | |
| 1.0.25 | 3 / 4 | |
| 1.0.21 | 3 / 5 | |
| 1.0.20 | 3 / 4 | |
| 1.0.19 | 3 / 4 | |
| 1.0.18 | 2 / 4 | |
| 1.0.16 | 2 / 3 | |
| 1.0.15 | 0 / 3 | |
| 1.0.13 | 0 / 3 | |
| 1.0.12 | 6 / 3 | |
| 1.0.11 | 6 / 3 | |
| 1.0.9 | 6 / 3 | |
| 1.0.8 | 6 / 3 | |
| 1.0.7 | 6 / 3 | |
| 1.0.5 | 6 / 3 | |
| 1.0.2 | 6 / 3 | |
v1.3.2, v1.3.1, v1.3.0, v1.2.16, v1.2.15, v1.2.14, v1.2.13, v1.2.12, v1.2.11, v1.2.10, v1.2.9, v1.2.8, v1.2.6, v1.2.5, v1.2.4, v1.2.3, v1.2.2, v1.2.1, v1.2.0, v1.1.1, v1.1.0, v1.0.99, v1.0.98, v1.0.97, v1.0.96, v1.0.95, v1.0.94, v1.0.93, v1.0.91, v1.0.90, v1.0.89, v1.0.88, v1.0.87, v1.0.86, v1.0.85, v1.0.84, v1.0.83, v1.0.82, v1.0.81, v1.0.80, v1.0.79, v1.0.78, v1.0.77, v1.0.76, v1.0.75, v1.0.74, v1.0.73, v1.0.72, v1.0.71, v1.0.70, v1.0.69, v1.0.68, v1.0.67
1 finding per version: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.65, v1.0.64, v1.0.63, v1.0.62, v1.0.61, v1.0.60, v1.0.59, v1.0.58, v1.0.57, v1.0.56, v1.0.54, v1.0.53, v1.0.52, v1.0.50, v1.0.48, v1.0.47, v1.0.46, v1.0.45, v1.0.43, v1.0.41, v1.0.38, v1.0.37, v1.0.36, v1.0.35, v1.0.33, v1.0.32, v1.0.31, v1.0.30, v1.0.29, v1.0.28, v1.0.25, v1.0.21, v1.0.20, v1.0.19, v1.0.18, v1.0.16, v1.0.15, v1.0.13, v1.0.12, v1.0.11, v1.0.9, v1.0.8, v1.0.7, v1.0.5, v1.0.2
1 finding per version: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.