roaring
CRoaring official port for NodeJS
1
Versions
Apache-2.0
License
Yes
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
gitHead linked
Maintainers
salvatorepreviti
Keywords
CRoaringRoaringbitmaps
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| install-scripts | install-script:install | AI (install-scripts): Standard node-pre-gyp install pattern for a native C++ addon (CRoaring binding). Fetches prebuilt binaries or falls back to build from source — documented and expected behavior. | ai | |
| semgrep | semgrep:dynamic-require | AI (semgrep): Dynamic require resolves the path to the compiled native binary via node-pre-gyp's pre-binding helper. This is the canonical loading pattern for native addons, not arbitrary module loading. | ai |
Versions (showing 1 of 1)
| Version | Deps | Published |
|---|---|---|
| 2.7.0 | 1 / 15 |