node-tpm2 - npm Package Compare versions

Comparing version 0.0.5 to 0.0.6
+120
SECURITY.md
# Security
## Reporting vulnerabilities
If you believe you have found a security issue in **node-tpm2**, please report it responsibly:
- **Email:** [support@hardproof.app](mailto:support@hardproof.app) (package maintainer contact from npm)
- **GitHub:** [Open a private security advisory](https://github.com/stacks0x/tpm2/security/advisories/new) on this repository
Do not open public issues for undisclosed vulnerabilities.
---
## Supply chain transparency (Socket.dev)
This package is analyzed by [Socket.dev](https://socket.dev/npm/package/node-tpm2). As of the initial transparency pass, typical scores were:
| Dimension | Score |
|-----------|------:|
| Quality | 100 |
| Maintenance | 94 |
| License | 100 |
| Vulnerability | 100 |
| **Supply Chain Security** | **71** |
**Supply Chain 71 is expected for a prebuilt native Node binding**, not evidence of a defect in this library. Static analysis flags structural patterns in the napi-rs loader and native-addon layout. Each alert is accounted for below.
Scores change over time on Socket's dashboard — this document explains **why the flags exist**, not how to chase a perfect number.
---
## Socket alert accounting
All locations below refer to the **published npm package**. The loader file `native.cjs` is **auto-generated by [napi-rs](https://napi.rs)** at build time — do not hand-edit it; regenerate with `npm run build`.
### Shell access (amber) — `child_process` in `native.cjs`
**What:** `isMuslFromChildProcess()` calls `execSync('ldd --version')` when filesystem and `process.report` musl/glibc detection both fail on Linux.
**Why it exists:** Choose the correct prebuilt binary (`*-gnu.node` vs `*-musl.node`) on ambiguous Linux environments.
**Risk:** Low. The command string is **hardcoded**. No user input, package name, or network data reaches this call. It runs at **module load** on Linux only, as a last-resort fallback after non-shell checks.
**Mitigation path:** Track upstream [napi-rs](https://github.com/napi-rs/napi-rs) loader changes; regenerate when a future release removes or replaces this fallback. We are already on current `@napi-rs/cli`.
---
### Dynamic require (informational) — `native.cjs`
**What:** The loader `require()`s the platform-specific prebuilt `.node` binary (and optional platform packages such as `node-tpm2-linux-x64-gnu`) based on `process.platform` / `process.arch` / musl detection.
**Why it exists:** Standard pattern for npm packages that ship prebuilt native addons via optional dependencies.
**Risk:** None inherent. The require target is chosen from a fixed platform matrix, not from caller-controlled strings (except the documented override below).
**Related:** `NAPI_RS_NATIVE_LIBRARY_PATH` allows loading a specific `.node` path for development/debugging — a documented napi-rs knob, not runtime API surface of this library.
---
### Filesystem access (informational) — `native.cjs` (+ library behavior)
**Loader (`native.cjs`):**
- Reads `/usr/bin/ldd` (text) for musl detection (`isMuslFromFilesystem`).
- Reads each optional binding's `package.json` for version consistency when `NAPI_RS_ENFORCE_VERSION_CHECK` is enabled.
**Library (Rust / JS):** Attestation and key APIs may read or write **AK blob files** when the **application** passes paths or persists exported blobs — that is documented product behavior, not covert file access.
**Risk:** None inherent in the loader paths above.
---
### Environment variable access (informational) — `native.cjs`
**What:** The loader reads napi-rs environment variables:
| Variable | Purpose |
|----------|---------|
| `NAPI_RS_NATIVE_LIBRARY_PATH` | Override path to a `.node` binary (dev/debug) |
| `NAPI_RS_FORCE_WASI` | Force or error on WASI binding load |
| `NAPI_RS_ENFORCE_VERSION_CHECK` | Enforce optional-deps version match (default on) |
**Risk:** None inherent. These are standard napi-rs configuration knobs documented upstream.
---
### URL strings (informational) — `native.cjs`
**What:** Error messages include URL strings (e.g. a link to an npm optional-dependencies bug report when platform packages fail to load).
**Risk:** None. Strings appear in error text only; the loader does not fetch URLs or open network connections.
---
### AI-detected code anomaly (informational) — package-wide
**What:** Socket's model flags atypical patterns in native bindings: low-level TPM command byte marshalling, Windows PCP/NCrypt integration, and Rust→NAPI exports.
**Risk:** None cited to a specific behavior. This alert reflects that the package is **not pure JavaScript**, not that a particular line is malicious.
---
## What this package does at runtime (trust boundary)
- **Linux:** Submits TPM 2.0 commands via `/dev/tpmrm0` (TBS-style raw commands).
- **Windows:** Submits TPM commands via TBS; attestation key persistence uses NCrypt Platform Crypto Provider (PCP).
- **No network I/O** in the library itself.
- **No shell** in application/Rust code — the only shell-related code is the napi-rs loader fallback above.
Consumers remain responsible for how they store AK blobs, NV indices, and sealed data in their own applications.
---
## Dependency surface
Runtime npm dependencies: **none** (only optional platform binding packages published alongside `node-tpm2`).
Build-time: Rust crates (compiled into the `.node` binary), `@napi-rs/cli` (dev only, not published to consumers).
See [README.md](./README.md) and [docs/api-reference.md](./docs/api-reference.md) for the public API and platform matrix.
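Review bot: The `NAPI_RS_ENFORCE_VERSION_CHECK` row in the environment variable table says "(default on)", but the loader condition touched elsewhere in this diff, `process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0'`, is false when the variable is unset, so the version check is opt-in. The Filesystem access section's wording ("when `NAPI_RS_ENFORCE_VERSION_CHECK` is enabled") already matches the code; change the table row to say the check runs only when the variable is set to a value other than `0`. The same table rates `NAPI_RS_NATIVE_LIBRARY_PATH` as "None inherent"; since that variable selects which `.node` binary gets loaded, state the assumption that the process environment is trusted so consumers know to control it in shared or CI environments.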
+1
-1

@@ -12,3 +12,3 @@ # API roadmap

## Current state (0.0.5)
## Current state (0.0.6)

@@ -15,0 +15,0 @@ **Shipped and validated on real Windows 11 hardware (Intel TPM, non-virtual):** attestation (user + machine provision, cross-user quote, SYSTEM provision), `random`, `keys` (sign + RSA decrypt), `pcr.read` / `pcr.extend` (admin on Windows), `nv` (read/write/define/undefine/readPublic), `seal` / `unseal`.

@@ -80,4 +80,4 @@ // prettier-ignore

const bindingPackageVersion = require('node-tpm2-android-arm64/package.json').version
if (bindingPackageVersion !== '0.0.5' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.5 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
if (bindingPackageVersion !== '0.0.6' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.6 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
}
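Review bot: The `require('node-tpm2-android-arm64/package.json')` branch targets a platform package that the `optionalDependencies` block in this release's package.json does not list, and the same holds for the freebsd, openharmony, loong64, riscv64, ppc64 and s390x branches further down, among others. SECURITY.md describes the require target as coming from "a fixed platform matrix", so either narrow the napi-rs targets until the generated loader matches the published packages, or document in SECURITY.md that these branches only resolve when such a package is installed separately and state who publishes those names.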

@@ -97,4 +97,4 @@ return binding

const bindingPackageVersion = require('node-tpm2-android-arm-eabi/package.json').version
if (bindingPackageVersion !== '0.0.5' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.5 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
if (bindingPackageVersion !== '0.0.6' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.6 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
}

@@ -119,4 +119,4 @@ return binding

const bindingPackageVersion = require('node-tpm2-win32-x64-gnu/package.json').version
if (bindingPackageVersion !== '0.0.5' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.5 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
if (bindingPackageVersion !== '0.0.6' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.6 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
}

@@ -136,4 +136,4 @@ return binding

const bindingPackageVersion = require('node-tpm2-windows-x64-msvc/package.json').version
if (bindingPackageVersion !== '0.0.5' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.5 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
if (bindingPackageVersion !== '0.0.6' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.6 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
}

@@ -154,4 +154,4 @@ return binding

const bindingPackageVersion = require('node-tpm2-win32-ia32-msvc/package.json').version
if (bindingPackageVersion !== '0.0.5' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.5 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
if (bindingPackageVersion !== '0.0.6' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.6 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
}

@@ -171,4 +171,4 @@ return binding

const bindingPackageVersion = require('node-tpm2-windows-arm64-msvc/package.json').version
if (bindingPackageVersion !== '0.0.5' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.5 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
if (bindingPackageVersion !== '0.0.6' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.6 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
}

@@ -191,4 +191,4 @@ return binding

const bindingPackageVersion = require('node-tpm2-darwin-universal/package.json').version
if (bindingPackageVersion !== '0.0.5' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.5 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
if (bindingPackageVersion !== '0.0.6' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.6 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
}

@@ -208,4 +208,4 @@ return binding

const bindingPackageVersion = require('node-tpm2-darwin-x64/package.json').version
if (bindingPackageVersion !== '0.0.5' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.5 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
if (bindingPackageVersion !== '0.0.6' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.6 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
}

@@ -225,4 +225,4 @@ return binding

const bindingPackageVersion = require('node-tpm2-darwin-arm64/package.json').version
if (bindingPackageVersion !== '0.0.5' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.5 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
if (bindingPackageVersion !== '0.0.6' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.6 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
}

@@ -246,4 +246,4 @@ return binding

const bindingPackageVersion = require('node-tpm2-freebsd-x64/package.json').version
if (bindingPackageVersion !== '0.0.5' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.5 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
if (bindingPackageVersion !== '0.0.6' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.6 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
}

@@ -263,4 +263,4 @@ return binding

const bindingPackageVersion = require('node-tpm2-freebsd-arm64/package.json').version
if (bindingPackageVersion !== '0.0.5' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.5 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
if (bindingPackageVersion !== '0.0.6' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.6 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
}

@@ -285,4 +285,4 @@ return binding

const bindingPackageVersion = require('node-tpm2-linux-x64-musl/package.json').version
if (bindingPackageVersion !== '0.0.5' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.5 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
if (bindingPackageVersion !== '0.0.6' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.6 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
}

@@ -302,4 +302,4 @@ return binding

const bindingPackageVersion = require('node-tpm2-linux-x64-gnu/package.json').version
if (bindingPackageVersion !== '0.0.5' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.5 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
if (bindingPackageVersion !== '0.0.6' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.6 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
}

@@ -321,4 +321,4 @@ return binding

const bindingPackageVersion = require('node-tpm2-linux-arm64-musl/package.json').version
if (bindingPackageVersion !== '0.0.5' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.5 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
if (bindingPackageVersion !== '0.0.6' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.6 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
}

@@ -338,4 +338,4 @@ return binding

const bindingPackageVersion = require('node-tpm2-linux-arm64-gnu/package.json').version
if (bindingPackageVersion !== '0.0.5' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.5 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
if (bindingPackageVersion !== '0.0.6' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.6 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
}

@@ -357,4 +357,4 @@ return binding

const bindingPackageVersion = require('node-tpm2-linux-arm-musleabihf/package.json').version
if (bindingPackageVersion !== '0.0.5' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.5 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
if (bindingPackageVersion !== '0.0.6' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.6 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
}

@@ -374,4 +374,4 @@ return binding

const bindingPackageVersion = require('node-tpm2-linux-arm-gnueabihf/package.json').version
if (bindingPackageVersion !== '0.0.5' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.5 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
if (bindingPackageVersion !== '0.0.6' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.6 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
}

@@ -393,4 +393,4 @@ return binding

const bindingPackageVersion = require('node-tpm2-linux-loong64-musl/package.json').version
if (bindingPackageVersion !== '0.0.5' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.5 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
if (bindingPackageVersion !== '0.0.6' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.6 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
}

@@ -410,4 +410,4 @@ return binding

const bindingPackageVersion = require('node-tpm2-linux-loong64-gnu/package.json').version
if (bindingPackageVersion !== '0.0.5' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.5 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
if (bindingPackageVersion !== '0.0.6' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.6 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
}

@@ -429,4 +429,4 @@ return binding

const bindingPackageVersion = require('node-tpm2-linux-riscv64-musl/package.json').version
if (bindingPackageVersion !== '0.0.5' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.5 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
if (bindingPackageVersion !== '0.0.6' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.6 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
}

@@ -446,4 +446,4 @@ return binding

const bindingPackageVersion = require('node-tpm2-linux-riscv64-gnu/package.json').version
if (bindingPackageVersion !== '0.0.5' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.5 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
if (bindingPackageVersion !== '0.0.6' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.6 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
}

@@ -464,4 +464,4 @@ return binding

const bindingPackageVersion = require('node-tpm2-linux-ppc64-gnu/package.json').version
if (bindingPackageVersion !== '0.0.5' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.5 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
if (bindingPackageVersion !== '0.0.6' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.6 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
}

@@ -481,4 +481,4 @@ return binding

const bindingPackageVersion = require('node-tpm2-linux-s390x-gnu/package.json').version
if (bindingPackageVersion !== '0.0.5' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.5 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
if (bindingPackageVersion !== '0.0.6' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.6 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
}

@@ -502,4 +502,4 @@ return binding

const bindingPackageVersion = require('node-tpm2-openharmony-arm64/package.json').version
if (bindingPackageVersion !== '0.0.5' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.5 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
if (bindingPackageVersion !== '0.0.6' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.6 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
}

@@ -519,4 +519,4 @@ return binding

const bindingPackageVersion = require('node-tpm2-openharmony-x64/package.json').version
if (bindingPackageVersion !== '0.0.5' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.5 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
if (bindingPackageVersion !== '0.0.6' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.6 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
}

@@ -536,4 +536,4 @@ return binding

const bindingPackageVersion = require('node-tpm2-openharmony-arm/package.json').version
if (bindingPackageVersion !== '0.0.5' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.5 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
if (bindingPackageVersion !== '0.0.6' && process.env.NAPI_RS_ENFORCE_VERSION_CHECK && process.env.NAPI_RS_ENFORCE_VERSION_CHECK !== '0') {
throw new Error(`Native binding package version mismatch, expected 0.0.6 but got ${bindingPackageVersion}. You can reinstall dependencies to fix this issue.`)
}

@@ -540,0 +540,0 @@ return binding

{
"name": "node-tpm2",
"version": "0.0.5",
"version": "0.0.6",
"description": "TPM 2.0 attestation for Node.js — prebuilt native bindings, PCR quotes, and fleet-ready Windows PCP keys. No tpm2-tools.",

@@ -47,2 +47,3 @@ "type": "module",

"docs/roadmap.md",
"SECURITY.md",
"examples"

@@ -86,12 +87,12 @@ ],

"optionalDependencies": {
"node-tpm2-windows-x64-msvc": "0.0.5",
"node-tpm2-windows-arm64-msvc": "0.0.5",
"node-tpm2-linux-x64-gnu": "0.0.5",
"node-tpm2-linux-arm64-gnu": "0.0.5",
"node-tpm2-linux-x64-musl": "0.0.5",
"node-tpm2-linux-arm64-musl": "0.0.5",
"node-tpm2-darwin-arm64": "0.0.5",
"node-tpm2-win32-x64-msvc": "0.0.5",
"node-tpm2-win32-arm64-msvc": "0.0.5"
"node-tpm2-windows-x64-msvc": "0.0.6",
"node-tpm2-windows-arm64-msvc": "0.0.6",
"node-tpm2-linux-x64-gnu": "0.0.6",
"node-tpm2-linux-arm64-gnu": "0.0.6",
"node-tpm2-linux-x64-musl": "0.0.6",
"node-tpm2-linux-arm64-musl": "0.0.6",
"node-tpm2-darwin-arm64": "0.0.6",
"node-tpm2-win32-x64-msvc": "0.0.6",
"node-tpm2-win32-arm64-msvc": "0.0.6"
}
}
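Review bot: `optionalDependencies` pins both `node-tpm2-windows-x64-msvc` / `node-tpm2-windows-arm64-msvc` and `node-tpm2-win32-x64-msvc` / `node-tpm2-win32-arm64-msvc` at 0.0.6, while the loader hunks in this diff require only the `windows-*-msvc` names for the msvc x64 and arm64 targets. If the `win32-*-msvc` packages are kept for compatibility, say so in the "Dependency surface" section of SECURITY.md; otherwise drop them so each Windows target maps to one package name.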
# node-tpm2
[![Socket Supply Chain](https://socket.dev/api/badge/npm/package/node-tpm2)](https://socket.dev/npm/package/node-tpm2)
Native TPM 2.0 for Node.js. Prebuilt binaries — no `tpm2-tools`, no `tpm2-tss`, no Rust at install time.

@@ -21,3 +23,3 @@

**Stable** (`0.0.5`). Full public API implemented and validated on real Windows 11 + Intel TPM. [API reference](./docs/api-reference.md) · [Roadmap](./docs/roadmap.md).
**Stable** (`0.0.6`). Full public API implemented and validated on real Windows 11 + Intel TPM. [API reference](./docs/api-reference.md) · [Roadmap](./docs/roadmap.md).

@@ -464,2 +466,12 @@ ---

## Supply chain transparency
This package is a **native TPM binding** (prebuilt `.node` + napi-rs loader). [Socket.dev](https://socket.dev/npm/package/node-tpm2) scores it highly on quality, license, and vulnerability, with a lower **Supply Chain Security** score (~71) that reflects **structural native-module patterns**, not a known defect.
Typical flags: dynamic `require` of platform binaries, filesystem reads for libc detection, env vars (`NAPI_RS_*`), and a **hardcoded** `ldd --version` shell fallback in the generated loader (Linux only, last resort). Each is documented in [SECURITY.md](./SECURITY.md).
We publish the Socket score and the full alert-by-alert accounting voluntarily — see [SECURITY.md](./SECURITY.md) for details and how to report security issues.
---
## Contributing
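Review bot: The added "Supply chain transparency" paragraph hard-codes the Supply Chain Security score as "(~71)", while SECURITY.md in the same release says scores change over time on Socket's dashboard. The badge added at the top of the README already links to the live value, so drop the number here or give the date it was observed.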

@@ -475,3 +487,3 @@

Docs: [getting-started.md](./docs/getting-started.md) · [windows-pcp.md](./docs/windows-pcp.md) · [roadmap.md](./docs/roadmap.md)
Docs: [getting-started.md](./docs/getting-started.md) · [windows-pcp.md](./docs/windows-pcp.md) · [roadmap.md](./docs/roadmap.md) · [SECURITY.md](./SECURITY.md)

@@ -478,0 +490,0 @@ Low-level Rust validation: `cargo run --no-default-features --features probe-bin --bin tbs-probe --` (repo only, not published to npm).