oxc-minify
3
Versions
—
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
No source commit
Maintainers
boshen
Keywords
javascriptminifierminifyoxctersertypescriptuglify
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:child-process-import | AI (semgrep): Standard napi-rs pattern: execSync('ldd --version') detects musl libc to select the correct native binary. Hardcoded command, not exploitable. | ai | |
| semgrep | semgrep:child-process-execsync | AI (semgrep): Standard napi-rs musl detection pattern. Command is hardcoded to 'ldd --version', not user-controlled. Stable false positive for this package. | ai | |
| semgrep | semgrep:dynamic-require | AI (semgrep): Standard napi-rs NAPI_RS_NATIVE_LIBRARY_PATH override pattern for custom binary paths. Documented napi-rs behavior, not malicious. | ai |
v0.48.0
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.47.1
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.46.0
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.