@audius/sdk
Audius SDK
Versions: 2
License: Apache-2.0
Install Scripts: No
Provenance: Verified
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
gitHead linked
Maintainers: dylanjeffers, audius-project, marcus_audius
Keywords: audius, sdk, api, music, audio, web3, decentralized, blockchain
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:shady-links-raw-ip | AI (semgrep): Raw IP is 127.0.0.1 used only in dev-mode branch; not a network exfiltration risk. | ai | |
| phantom-deps | phantom-dep:url | AI (phantom-deps): Polyfill declared for bundler config; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:borsh | AI (phantom-deps): Declared for bundler/config use; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:assert | AI (phantom-deps): Node polyfill declared for bundler config; stable false positive. | ai | |
| phantom-deps | phantom-dep:semver | AI (phantom-deps): Declared dep used transitively; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:type-fest | AI (phantom-deps): Type-only usage not detected by import scanner; stable false positive. | ai | |
| phantom-deps | phantom-dep:form-data | AI (phantom-deps): Declared for bundler/config use; stable false positive. | ai | |
| phantom-deps | phantom-dep:xmlhttprequest | AI (phantom-deps): Browser polyfill declared for bundler config; stable false positive. | ai | |
| phantom-deps | phantom-dep:node-localstorage | AI (phantom-deps): Node environment polyfill; stable false positive. | ai | |
| phantom-deps | phantom-dep:node-abort-controller | AI (phantom-deps): Node polyfill; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@wormhole-foundation/sdk | AI (phantom-deps): Declared dep used via re-exports; stable false positive. | ai | |
| phantom-deps | phantom-dep:@improbable-eng/grpc-web-node-http-transport | AI (phantom-deps): Transport polyfill loaded by convention; stable false positive. | ai | |
| phantom-deps | phantom-dep:@babel/runtime | AI (phantom-deps): Framework-scoped, loaded by convention; stable false positive. | ai | |
v15.3.1: 1 finding
INFO (provenance): Has SLSA provenance attestation
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.3.0: 1 finding
INFO (provenance): Has SLSA provenance attestation
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.