brin
brin

sigstore

npm

Is sigstore safe to use?

Based on the latest brin safety scan, no vulnerabilities or threats were detected for sigstore v4.1.0. Trust score: 65/100. No known CVE vulnerabilities, no detected threat patterns, and no suspicious capabilities identified. This is an automated, point-in-time assessment.

Install (safety-checked)

sigstore Passed Security Checks

No security concerns detected

clean
CVEs

0

Threats

0

Install Scripts

0

No Concerns Detected

No security concerns detected in the latest brin assessment. This is an automated, point-in-time evaluation — security posture may change.

This is an automated, point-in-time assessment and may contain errors. Findings are risk indicators, not confirmed threats. Security posture may change over time. Maintainers can dispute findings via the brin review process.

sigstore Capabilities & Permissions

No system capabilities detected for sigstore. It does not appear to access the network, filesystem, spawn processes, or use native modules. No capability concerns identified for use with AI coding agents.

AGENTS.md for sigstore

Good instructions lead to good results. brin adds sigstore documentation to your AGENTS.md so your agent knows how to use it properly—improving both safety and performance.

brin init

Vercel's research: 100% accuracy with AGENTS.md vs 53% without →

sigstore Documentation & Source Code

For the full sigstore README, API documentation, and source code, visit the official package registry.

View on npmView SourceHomepage

Frequently asked questions about sigstore safety

Weekly Downloads

7.3M

Version

4.1.0

License

Apache-2.0

Other Versions

4.2.0

Last Scanned

Jan 31, 2026

Trust Score

65/100·Legitimacy signals, not safety

Capabilities

No special capabilities detected