brin
brin

@sigstore/sign

npm

Is @sigstore/sign safe to use?

Based on the latest brin safety scan, no vulnerabilities or threats were detected for @sigstore/sign v4.1.0. Trust score: 65/100. No known CVE vulnerabilities, no detected threat patterns, and no suspicious capabilities identified. This is an automated, point-in-time assessment.

Install (safety-checked)

@sigstore/sign Passed Security Checks

No security concerns detected

clean
CVEs

0

Threats

0

Install Scripts

0

No Concerns Detected

No security concerns detected in the latest brin assessment. This is an automated, point-in-time evaluation — security posture may change.

This is an automated, point-in-time assessment and may contain errors. Findings are risk indicators, not confirmed threats. Security posture may change over time. Maintainers can dispute findings via the brin review process.

@sigstore/sign Capabilities & Permissions

What @sigstore/sign can access when installed. Review these capabilities before using with AI agents like Cursor, Claude Code, or Codex.

Environment Variables

Accesses the following environment variables.

ACTIONS_ID_TOKEN_REQUEST_TOKENACTIONS_ID_TOKEN_REQUEST_URLSIGSTORE_ID_TOKEN

AGENTS.md for @sigstore/sign

Good instructions lead to good results. brin adds @sigstore/sign documentation to your AGENTS.md so your agent knows how to use it properly—improving both safety and performance.

brin init

Vercel's research: 100% accuracy with AGENTS.md vs 53% without →

@sigstore/sign Documentation & Source Code

For the full @sigstore/sign README, API documentation, and source code, visit the official package registry.

View on npmView SourceHomepage

Frequently asked questions about @sigstore/sign safety

Weekly Downloads

7.2M

Version

4.1.0

License

Apache-2.0

Last Scanned

Feb 1, 2026

Trust Score

65/100·Legitimacy signals, not safety

Capabilities

Environment

Accesses: ACTIONS_ID_TOKEN_REQUEST_TOKEN, ACTIONS_ID_TOKEN_REQUEST_URL, SIGSTORE_ID_TOKEN

Is @sigstore/sign Safe? | npm Safety Scan - brin