@alephium/web3 GPL 8 versions

@alephium/web3

npm Repository Homepage

A JS/TS library to interact with the Alephium platform

8

Versions

GPL

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

alephium-personaleyetteamikapote

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
bogus-package	bogus-package	AI (bogus-package): Established blockchain SDK; sparse README/keywords are cosmetic, not indicative of spam.	ai	2026/05/03
phantom-deps	phantom-dep:path-browserify	AI (phantom-deps): path-browserify is declared as a runtime dep and referenced in webpack/browser config; phantom-dep heuristic is a false positive here.	ai	2026/04/30
semgrep	semgrep:shady-links-raw-ip	AI (semgrep): Raw IP is a dummy placeholder URL used when forwarding requests via custom handler; not a real network target.	ai	2026/04/29

Versions (showing 8 of 8)

Version	Deps	Published
3.0.4	6 / 22	2026-04-27
3.0.3	6 / 22	2026-04-20
3.0.2	6 / 22	2026-04-14
3.0.1	6 / 22	2026-04-14
3.0.0	6 / 22	2026-04-14
2.0.11	11 / 34	2026-04-08
2.0.10	11 / 34	2026-03-31
2.0.8	11 / 34	2025-11-25

v3.0.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.11

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.10

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.8

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.