brin
brin

@sigstore/tuf

npm

Is @sigstore/tuf safe to use?

Based on the latest brin safety scan, no vulnerabilities or threats were detected for @sigstore/tuf v4.0.1. Trust score: 65/100. No known CVE vulnerabilities, no detected threat patterns, and no suspicious capabilities identified. This is an automated, point-in-time assessment.

Install (safety-checked)

@sigstore/tuf Passed Security Checks

No security concerns detected

clean
CVEs

0

Threats

0

Install Scripts

0

No Concerns Detected

No security concerns detected in the latest brin assessment. This is an automated, point-in-time evaluation — security posture may change.

This is an automated, point-in-time assessment and may contain errors. Findings are risk indicators, not confirmed threats. Security posture may change over time. Maintainers can dispute findings via the brin review process.

@sigstore/tuf Capabilities & Permissions

What @sigstore/tuf can access when installed. Review these capabilities before using with AI agents like Cursor, Claude Code, or Codex.

Environment Variables

Accesses the following environment variables.

LOCALAPPDATAXDG_DATA_HOME

AGENTS.md for @sigstore/tuf

Good instructions lead to good results. brin adds @sigstore/tuf documentation to your AGENTS.md so your agent knows how to use it properly—improving both safety and performance.

brin init

Vercel's research: 100% accuracy with AGENTS.md vs 53% without →

@sigstore/tuf Documentation & Source Code

For the full @sigstore/tuf README, API documentation, and source code, visit the official package registry.

View on npmView SourceHomepage

Frequently asked questions about @sigstore/tuf safety

Weekly Downloads

7.3M

Version

4.0.1

License

Apache-2.0

Last Scanned

Jan 31, 2026

Trust Score

65/100·Legitimacy signals, not safety

Capabilities

Environment

Accesses: LOCALAPPDATA, XDG_DATA_HOME

Is @sigstore/tuf Safe? | npm Safety Scan - brin