Latest Threat Research:SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains.Details →
@postman/pm-bin-linux-arm64
Advanced tools
@postman/pm-bin-linux-arm64 - npm Package Compare versions
Sorry, the diff of this file is too big to display
+12
-6
| { | ||
| "name": "@postman/pm-bin-linux-arm64", | ||
| "version": "0.0.1", | ||
| "description": "OIDC trusted publishing setup package for @postman/pm-bin-linux-arm64", | ||
| "keywords": [ | ||
| "oidc", | ||
| "trusted-publishing", | ||
| "setup" | ||
| "version": "1.27.0", | ||
| "description": "Native terminal binary for Linux ARM64 - Internal dependency package", | ||
| "main": "bin/postman", | ||
| "files": [ | ||
| "bin/", | ||
| "README.md" | ||
| ], | ||
| "os": [ | ||
| "linux" | ||
| ], | ||
| "cpu": [ | ||
| "arm64" | ||
| ] | ||
| } |
+3
-43
@@ -1,45 +0,5 @@ | ||
| # @postman/pm-bin-linux-arm64 | ||
| # PM Terminal Binary - Linux ARM64 | ||
| ## ⚠️ IMPORTANT NOTICE ⚠️ | ||
| ⚠️ **Do not install this package directly.** | ||
| **This package is created solely for the purpose of setting up OIDC (OpenID Connect) trusted publishing with npm.** | ||
| This is **NOT** a functional package and contains **NO** code or functionality beyond the OIDC setup configuration. | ||
| ## Purpose | ||
| This package exists to: | ||
| 1. Configure OIDC trusted publishing for the package name `@postman/pm-bin-linux-arm64` | ||
| 2. Enable secure, token-less publishing from CI/CD workflows | ||
| 3. Establish provenance for packages published under this name | ||
| ## What is OIDC Trusted Publishing? | ||
| OIDC trusted publishing allows package maintainers to publish packages directly from their CI/CD workflows without needing to manage npm access tokens. Instead, it uses OpenID Connect to establish trust between the CI/CD provider (like GitHub Actions) and npm. | ||
| ## Setup Instructions | ||
| To properly configure OIDC trusted publishing for this package: | ||
| 1. Go to [npmjs.com](https://www.npmjs.com/) and navigate to your package settings | ||
| 2. Configure the trusted publisher (e.g., GitHub Actions) | ||
| 3. Specify the repository and workflow that should be allowed to publish | ||
| 4. Use the configured workflow to publish your actual package | ||
| ## DO NOT USE THIS PACKAGE | ||
| This package is a placeholder for OIDC configuration only. It: | ||
| - Contains no executable code | ||
| - Provides no functionality | ||
| - Should not be installed as a dependency | ||
| - Exists only for administrative purposes | ||
| ## More Information | ||
| For more details about npm's trusted publishing feature, see: | ||
| - [npm Trusted Publishing Documentation](https://docs.npmjs.com/generating-provenance-statements) | ||
| - [GitHub Actions OIDC Documentation](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect) | ||
| --- | ||
| **Maintained for OIDC setup purposes only** | ||
| This package contains the Linux ARM64 terminal binary and is automatically installed as a dependency for the main terminal package. |
New alerts
Native code
Supply chain riskContains native code (e.g., compiled binaries or shared libraries). Including native code can obscure malicious behavior.
Found 1 instance in 1 package
Fixed alerts
No v1
QualityPackage is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
112075466
5411559.39%- Number of package files
3
50%- Number of low quality alerts
1
-50%Worsened metrics
- Number of lines in readme file
6
-86.96%- Number of medium supply chain risk alerts
2
100%No dependency changes