@argonprotocol/testing
A testing library to launch locally built binaries/dockers for Argon.
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:env-spread | AI (semgrep): Spreading process.env to pass to a spawned child process is standard for test harnesses launching local binaries. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): This package's purpose is to spawn local blockchain/test binaries; child_process use is expected and documented. | ai | |
| semgrep | semgrep:shady-links-raw-ip | AI (semgrep): Raw IP is 127.0.0.1 (localhost) used for local test infrastructure, not exfiltration. | ai | |
| phantom-deps | phantom-dep:vitest | AI (phantom-deps): vitest is a declared runtime dependency used as a test framework; phantom-dep heuristic is a false positive here. | ai |
Versions (showing 6 of 6)
| Version | Deps | Published |
|---|---|---|
| 1.4.6 | 8 / 6 | |
| 1.4.5 | 8 / 6 | |
| 1.4.4 | 8 / 6 | |
| 1.4.3 | 9 / 6 | |
| 1.3.14 | 9 / 6 | |
| 1.1.0 | 7 / 5 |
v1.4.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.4.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.4.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.3.14
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.