@aptos-scp/scp-component-store-selling-features-domain-model

This component library provides the common components to handle the coordination of processing the business events from the UI.

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

mraoaptosaly-aptos-comsfrederick3anshu.sharmanapoleonlazoaptosrjeyapaul-aptos-comranjan.mishraaptosarajoria-aptos-comadoppalapudi-aptos-commahendraborchate-aptos-comhrobieaptoslabsbgillaptspringciwanderson-aptosmscandoloprabhuramesh-aptos-comkevinrobertsonaptosuhernandezaptoscapstone-isjmeyersjcampanellaazhytkevichaptoselendofmjonessshikharrgrigoroiumpajukggeorge-aptos-comsapatelanilkumarsinghaptosamercednkeaneyajholztjohnsonaptoskvlogiannitiswwilkieaptosidimitrovaptosjgalanakisrnsavagebalavitruviusdipan68pvenukumarsmandalsnagarajdcosletjespinozaaptosfernandeznfmartinez-aptos-comaptos-apinedaydingaptosstevenbouchardaptosone_npmmvgeeteruyenlramirezaptoshkuttipuravanrmartinezaptosanilkumar.reddymvenkatarajuakhoukazmstoneraptossallipurgmyers-aptosagawarergoel-aptos-commgondhalkar-aptos-comrrudrakanthwar-aptos-compkushwaha-aptos-comskeaneyaptosdhughesaptosbmclaughlinaptosaajayan-aptos-comaperiyasamy-aptos-comjloginaptoscuptonaptosasoni-aptos-comccepbkulichaptosjbrennanaptosgkaurrorocaptosaptosjguillemetteamitkumaraptosrjayantiaptosrevanasiddaptosvpakanati-aptos-combkansara-aptos-comoblevinsaptosmkulichaptosawongaptosprapanna.mondalabharadwajaptosddelsavioaptosdburroughsaptosgriveriniperezaptosmedwardsaptosnandan-aptos-comaptosalakmalalit.puriaptosalexhensonaptosdjain-aptos-comapangburnaptosrjburton63yogeshdahake-aptos-comswangaptosrmadgundi-aptos-comssethumadhavan-aptosgordongillespieaptosibhaskaranaptosmahmedaptoslmerrittdskripnikovaptosrathnabm-aptos-comcharishma.chandrakumarshobhitsinghaptosogonzalezaptoschetansbaptosasutoshpandaaptosdev.infradhruvabaptosbsheppardmatsuoaptoschallakarthikaptosvpawar-aptos-combkumar-aptos-comgautamhrishikeshaptosvishnu.rajawat.aptosshivindrakantiaptosagiridhar-aptos-comdianovaleaptossreddyaptosjvyasmlmcintoshaptossaifialiaptossukritibahriaptoscharles.dupeeritugowdaaptosrparthasarathyigordonnickkayurovaptosbwongaptosmanikandanpaptosasurya-aptos-comachapaitkar-aptos-comaarathi.varshadabdulaptosadityapotdaraptosnarendra.rpkadlikoppa-aptos-comsanjanabanothaptosrisharorasaravanantaptosrahulshettyaptosamanjakharaptosramyasaptosmahesh.annavarapuvkhilnaniaptosarchanahuckavathekartheamoghpalbdas-aptos-comanjalikumariaptosamohanishgeetanshmamtaniaptosnvani-aptos-comlyndonpuzonaptosmohitgahlotaptosavigyan-bhakta-aptos-comammatteplozano_aptosrujoolpatilaptosfsalaicesmark.baker-aptos-comsperkinsaptosluke.tibbetts-aptos-comnithyarvaptoshtsiolisshishiraptoskkuber-aptos-comkanimozhithangavelaptosvinaykarnatiaptosaruna.mathaptosernest.crastoaptossanikaamaptosjvalan-aptos-commdeshpande-aptos-comjithu-s-aptos-comhgupta-aptos-comsanjanabt-aptos-comkasettysailesh-aptos-comamoghpalelozanoaptossakshamaptoskumarharshaptoskhushi-sharma-aptos-comayushpandeyaptosyukthamaptosvenkateshtadikamallaaptosniveditatiwariaptosjstrohlmanasshahaptosabhilashmishra-aptos-comtalarcon1mayankajainaptosnperumal-aptosssahoo-aptos-comrohanshettyaptoscsuraboyna-aptos-comshreyasinhaaptoskyle-thompson-aptosmichael.kacerpuneetdewanaptosankumaraptosrob-johnson-aptos-comharshwardhansolankiaptossantoshkoganoleaptosksinghaptoslata-rawal-aptos-comnaveenaptossumalikabodeddula-aptos-comdavid-baxendale-aptos-comishani.chaudhuriaptosvishnunc-aptossimonrowlandaptosramyakalal-aptos-comgaurav-pratap-aptos-compulkit-yadav-aptos-compramodp-aptos-comaaugustine-aptos-comksowndaryadeepukumaraptosgopalprasadaptosaryan-kashyap-aptos-com

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
email-domain	unclaimed-email:y.com	AI (email-domain): [email protected] is a placeholder/dummy email, not a real maintainer identity; no hijack risk in practice.	ai	2026/05/26
phantom-deps	phantom-dep:intl	AI (phantom-deps): Referenced in config/polyfill context; stable false positive for this package.	ai	2026/05/26
phantom-deps	phantom-dep:big.js	AI (phantom-deps): Declared dep used transitively or in config; stable false positive.	ai	2026/05/26
phantom-deps	phantom-dep:crc-32	AI (phantom-deps): Declared dep used transitively or in config; stable false positive.	ai	2026/05/26
phantom-deps	phantom-dep:fbemitter	AI (phantom-deps): Declared dep used transitively or in config; stable false positive.	ai	2026/05/26
phantom-deps	phantom-dep:iso-3166-1	AI (phantom-deps): Declared dep used transitively or in config; stable false positive.	ai	2026/05/26
phantom-deps	phantom-dep:fast-json-patch	AI (phantom-deps): Declared dep used transitively or in config; stable false positive.	ai	2026/05/26
phantom-deps	phantom-dep:typescript-string-operations	AI (phantom-deps): Declared dep used transitively or in config; stable false positive.	ai	2026/05/26
phantom-deps	phantom-dep:@aptos-scp/scp-types-canonical-orders-web-services	AI (phantom-deps): Same org scope; stable false positive for this package.	ai	2026/05/26

Versions (showing 34 of 34)

Version	Deps	Published
3.3.0	13 / 66	2026-06-10
2.45.2	13 / 66	2026-04-29
2.36.0	13 / 66	2026-04-01
2.23.0	12 / 66	2025-12-05
2.15.0	11 / 66	2025-11-04
2.14.1	11 / 66	2025-11-04
2.14.0	11 / 66	2025-11-03
2.13.0	11 / 66	2025-11-03
2.12.0	11 / 66	2025-11-03
2.11.0	11 / 66	2025-10-23
2.10.6	11 / 66	2025-10-20
2.10.5	11 / 66	2025-10-15
2.10.4	11 / 66	2025-10-10
2.10.3	11 / 66	2025-10-10
2.10.2	11 / 66	2025-10-07
2.10.1	11 / 66	2025-10-06
2.10.0	11 / 66	2025-10-03
2.9.0	11 / 66	2025-09-19
2.8.1	11 / 66	2025-09-19
2.8.0	11 / 66	2025-09-19
2.7.2	11 / 66	2025-09-17
2.7.1	11 / 66	2025-09-15
2.7.0	11 / 66	2025-09-12
2.6.0	11 / 66	2025-09-09
2.5.0	11 / 66	2025-09-05
2.4.2	11 / 66	2025-09-04
2.4.1	11 / 66	2025-09-01
2.4.0	11 / 66	2025-08-31
2.3.0	11 / 66	2025-08-26
2.2.1	11 / 66	2025-08-25
2.2.0	11 / 66	2025-08-25
2.1.1	11 / 66	2025-08-25
2.1.0	11 / 66	2025-08-18
2.0.0	11 / 66	2025-08-16

v3.3.0

2 findings

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: fmartinez-aptos-com → ayushpandeyaptos (on 2026-06-10, known maintainer) provenance

This version was published by a different npm account (ayushpandeyaptos) than the most recent previously approved version (fmartinez-aptos-com) on 2026-06-10, but ayushpandeyaptos is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.

v2.45.2

2 findings

HIGH Unclaimed maintainer email domain: y.com email-domain

Maintainer email '[email protected]' uses domain 'y.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.36.0

2 findings

HIGH Unclaimed maintainer email domain: y.com email-domain

Maintainer email '[email protected]' uses domain 'y.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.23.0

2 findings

HIGH Unclaimed maintainer email domain: y.com email-domain

Maintainer email '[email protected]' uses domain 'y.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.15.0

2 findings

HIGH Unclaimed maintainer email domain: y.com email-domain

Maintainer email '[email protected]' uses domain 'y.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.14.1

2 findings

HIGH Unclaimed maintainer email domain: y.com email-domain

Maintainer email '[email protected]' uses domain 'y.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.14.0

2 findings

HIGH Unclaimed maintainer email domain: y.com email-domain

Maintainer email '[email protected]' uses domain 'y.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.13.0

2 findings

HIGH Unclaimed maintainer email domain: y.com email-domain

Maintainer email '[email protected]' uses domain 'y.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.12.0

2 findings

HIGH Unclaimed maintainer email domain: y.com email-domain

Maintainer email '[email protected]' uses domain 'y.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.11.0

2 findings

HIGH Unclaimed maintainer email domain: y.com email-domain

Maintainer email '[email protected]' uses domain 'y.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.10.6

2 findings

HIGH Unclaimed maintainer email domain: y.com email-domain

Maintainer email '[email protected]' uses domain 'y.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.10.5

2 findings

HIGH Unclaimed maintainer email domain: y.com email-domain

Maintainer email '[email protected]' uses domain 'y.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.10.4

2 findings

HIGH Unclaimed maintainer email domain: y.com email-domain

Maintainer email '[email protected]' uses domain 'y.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.10.3

2 findings

HIGH Unclaimed maintainer email domain: y.com email-domain

Maintainer email '[email protected]' uses domain 'y.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.10.2

2 findings

HIGH Unclaimed maintainer email domain: y.com email-domain

Maintainer email '[email protected]' uses domain 'y.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.10.1

2 findings

HIGH Unclaimed maintainer email domain: y.com email-domain

Maintainer email '[email protected]' uses domain 'y.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.10.0

2 findings

HIGH Unclaimed maintainer email domain: y.com email-domain

Maintainer email '[email protected]' uses domain 'y.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.9.0

2 findings

HIGH Unclaimed maintainer email domain: y.com email-domain

Maintainer email '[email protected]' uses domain 'y.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.8.1

2 findings

HIGH Unclaimed maintainer email domain: y.com email-domain

Maintainer email '[email protected]' uses domain 'y.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.8.0

2 findings

HIGH Unclaimed maintainer email domain: y.com email-domain

Maintainer email '[email protected]' uses domain 'y.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.7.2

2 findings

HIGH Unclaimed maintainer email domain: y.com email-domain

Maintainer email '[email protected]' uses domain 'y.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.7.1

2 findings

HIGH Unclaimed maintainer email domain: y.com email-domain

Maintainer email '[email protected]' uses domain 'y.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.7.0

2 findings

HIGH Unclaimed maintainer email domain: y.com email-domain

Maintainer email '[email protected]' uses domain 'y.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.6.0

2 findings

HIGH Unclaimed maintainer email domain: y.com email-domain

Maintainer email '[email protected]' uses domain 'y.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.5.0

2 findings

HIGH Unclaimed maintainer email domain: y.com email-domain

Maintainer email '[email protected]' uses domain 'y.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.4.2

2 findings

HIGH Unclaimed maintainer email domain: y.com email-domain

Maintainer email '[email protected]' uses domain 'y.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.4.1

2 findings

HIGH Unclaimed maintainer email domain: y.com email-domain

Maintainer email '[email protected]' uses domain 'y.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.4.0

2 findings

HIGH Unclaimed maintainer email domain: y.com email-domain

Maintainer email '[email protected]' uses domain 'y.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.3.0

2 findings

HIGH Unclaimed maintainer email domain: y.com email-domain

Maintainer email '[email protected]' uses domain 'y.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.2.1

2 findings

HIGH Unclaimed maintainer email domain: y.com email-domain

Maintainer email '[email protected]' uses domain 'y.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.2.0

2 findings

HIGH Unclaimed maintainer email domain: y.com email-domain

Maintainer email '[email protected]' uses domain 'y.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.1.1

2 findings

HIGH Unclaimed maintainer email domain: y.com email-domain

Maintainer email '[email protected]' uses domain 'y.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.1.0

2 findings

HIGH Unclaimed maintainer email domain: y.com email-domain

Maintainer email '[email protected]' uses domain 'y.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.0.0

2 findings

HIGH Unclaimed maintainer email domain: y.com email-domain

Maintainer email '[email protected]' uses domain 'y.com' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.