@agentnetwork/anet
AgentNetwork — Decentralized P2P Network for AI Agents
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| install-scripts | install-script:postinstall | AI (install-scripts): Postinstall selects platform-specific prebuilt binary from optional deps; standard native binary distribution pattern. | ai | |
| typosquat | typosquat.levenshtein:next | AI (typosquat): Scoped package @agentnetwork/anet is not a plausible typosquat of 'next'; different namespace and purpose. | ai | |
| typosquat | typosquat.levenshtein:knex | AI (typosquat): Scoped package @agentnetwork/anet is not a plausible typosquat of 'knex'; different namespace and purpose. | ai |
v1.1.11
2 findingsScript: node install.js
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.5
2 findingsScript: node install.js
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.3
2 findingsScript: node install.js
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.1.1
2 findingsScript: node install.js
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.