← Home

temp

Temporary files and directories

16
Versions
MIT
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

brucemiguelsolano

Keywords

temporarytmptemptempdirtempfiletmpdirtmpfile

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
semgrep semgrep:child-process-import AI (semgrep): child_process usage is confined to example files (examples/grepcount.js), not library code. Stable false positive for this package. ai
bogus-package bogus-package AI (bogus-package): Signals are artifacts of early npm conventions (~2009). Package has 8.3M weekly downloads and a long legitimate history; not a spam/bogus package. ai
provenance publisher-changed AI (provenance): Publisher change occurred in 2018; new publisher miguelsolano has 5+ year track record with 17 approved packages. Stable maintainer transition. ai
email-domain unclaimed-email:codefluency.com AI (email-domain): Domain belongs to original (now inactive) maintainer bruce; current publisher is miguelsolano. Theoretical risk but not actionable for this well-established package. ai
provenance no-provenance AI (provenance): Established package predating Sigstore provenance; absence is expected and not a risk signal for this package. ai

Versions (showing 16 of 16)

Version Deps Published
0.9.4 2 / 1
0.9.2 2 / 1
0.9.1 1 / 1
0.9.0 1 / 0
0.8.4 1 / 1
0.8.3 2 / 0
0.8.2 1 / 0
0.8.1 1 / 0
0.8.0 1 / 0
0.7.0 1 / 0
0.6.0 2 / 0
0.5.1 1 / 0
0.5.0 0 / 0
0.4.0 0 / 0
0.3.0 0 / 0
0.2.0 0 / 0