onnxruntime-node — Greenflagged

ONNXRuntime Node.js binding

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

erscorerscor_msfteire

Keywords

ONNXONNXRuntimeONNX Runtime

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
publish-pattern	new-deps-added	AI (publish-pattern): tar added to support unpacking downloaded prebuilt binaries in postinstall — directly explained by the new binary download install flow.	ai	2026/04/24
provenance	publisher-changed	AI (provenance): Publisher 'eire' matches package.json author 'fs-eire', a known Microsoft ONNX Runtime contributor. 114 approved packages, 0 rejected. Legitimate maintainer.	ai	2026/04/24
semgrep	semgrep:toplevel-fetch	AI (semgrep): fetch() in install.js downloads prebuilt binaries from Microsoft Azure blob storage — documented install flow for this native binding.	ai	2026/04/24
semgrep	semgrep:child-process-import	AI (semgrep): child_process used in build.js to invoke cmake-js for native addon compilation — standard build tooling for native Node.js addons.	ai	2026/04/24
semgrep	semgrep:env-spread	AI (semgrep): env-spread in build.js is filtering LIB paths on Windows for cmake — legitimate build environment setup, not credential exfiltration.	ai	2026/04/24
install-scripts	install-script:postinstall	AI (install-scripts): Postinstall downloads prebuilt ONNX Runtime native binaries from Microsoft Azure blob storage — standard pattern for this native binding package.	ai	2026/04/24
install-scripts	install-script:install	AI (install-scripts): Standard native addon install pattern: tries prebuild-install for prebuilt binaries, falls back to building from source. Consistent with Microsoft's official ONNX Runtime Node.js binding across all versions.	ai	2026/04/24
phantom-deps	phantom-dep:prebuild-install	AI (phantom-deps): prebuild-install is explicitly declared as a runtime dependency in package.json dependencies; the phantom-dep finding is a false positive for this package.	ai	2026/04/24
semgrep	semgrep:dynamic-require	AI (semgrep): Dynamic require uses only process.platform and process.arch to select the correct prebuilt .node binding — standard cross-platform native addon pattern, not user-controlled input.	ai	2026/04/23
npm-metadata	bundled-binaries	AI (npm-metadata): onnxruntime-node's core purpose is shipping prebuilt native ONNX Runtime binaries (.so, .dll, .node) for multiple platforms. Bundled binaries are expected and stable for this package.	ai	2026/04/23

Versions (showing 15 of 15)

Version	Deps	Published
1.17.3	2 / 6	2024-04-20
1.17.0	1 / 6	2024-01-31
1.16.3	1 / 6	2023-11-20
1.16.2	1 / 6	2023-11-09
1.16.1	1 / 6	2023-10-11
1.16.0	1 / 6	2023-09-19
1.15.1	1 / 8	2023-06-17
1.15.0	1 / 8	2023-05-24
1.14.0	1 / 12	2023-02-10
1.13.1	1 / 12	2022-10-24
1.12.1	1 / 12	2022-08-04
1.12.0	1 / 12	2022-07-22
1.11.0	1 / 12	2022-03-25
1.10.0	1 / 12	2021-12-07
1.8.0	2 / 19	2021-06-03

v1.17.3

5 findings

HIGH Package has 'postinstall' script install-scripts

Script: node ./script/install

HIGH Publisher changed: onnxruntime → eire (on 2024-04-20) provenance

This version was published by a different npm account than previous versions on 2024-04-20. This could indicate a legitimate maintainer transition or an account compromise.

HIGH env-spread: script/build.js:107 semgrep

Spreading entire process.env into an object — may capture all secrets 105 | // So we override the LIB environment variable to remove invalid paths. 106 | const envOverride = os.platform() === 'win32' && process.env.LIB ? > 107 | { ...process.env, LIB: process.env.LIB.split(';').filter(fs.existsSync).join(';') } : 108 | process.env; 109 | // launch cmake-js configure

HIGH env-spread: script/build.ts:86 semgrep

Spreading entire process.env into an object — may capture all secrets 84 | // So we override the LIB environment variable to remove invalid paths. 85 | const envOverride = os.platform() === 'win32' && process.env.LIB ? > 86 | {...process.env, LIB: process.env.LIB.split(';').filter(fs.existsSync).join(';')} : 87 | process.env; 88 |