@aztec/pxe — Greenflagged

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

zac-williamsonleilawangcharlielyejaosefjoss-aztecprotocolludamad

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:@aztec/noir-protocol-circuits-types	AI (dependencies): Same-org @aztec scope dependency, part of the monorepo's coordinated versioning.	ai	2026/04/27
publish-pattern	dormant-publish	AI (publish-pattern): Aztec monorepo package with 1025 versions; dormancy reflects org publishing cadence, not account takeover risk.	ai	2026/04/27
bogus-package	bogus-package	AI (bogus-package): Part of the @aztec monorepo with 1025 versions and 6 approved dependents; missing metadata is a monorepo artifact, not spam.	ai	2026/04/27
phantom-deps	phantom-dep:koa	AI (phantom-deps): koa is a declared runtime dependency in package.json; used in server entrypoint. Phantom-dep heuristic is a false positive here.	ai	2026/04/27
semgrep	semgrep:hex-decode	AI (semgrep): Hex decoding in this package is standard ZK/blockchain serialization (Buffer.from(hex, 'hex') for NoteDao deserialization). No malicious payload risk.	ai	2026/04/27
phantom-deps	phantom-dep:koa-router	AI (phantom-deps): koa-router is a declared runtime dependency in package.json; used in server entrypoint. Phantom-dep heuristic is a false positive here.	ai	2026/04/27
phantom-deps	phantom-dep:sha3	AI (phantom-deps): sha3 is a declared runtime dependency in package.json. Phantom-dep heuristic is a false positive for this package.	ai	2026/04/27
phantom-deps	phantom-dep:viem	AI (phantom-deps): viem (as custom fork) is a declared runtime dependency in package.json. Phantom-dep heuristic is a false positive for this package.	ai	2026/04/27
phantom-deps	phantom-dep:tslib	AI (phantom-deps): tslib is a known implicit TypeScript runtime dependency; phantom-dep correctly notes it as such. Stable false positive for this package.	ai	2026/04/27
phantom-deps	phantom-dep:lodash.omit	AI (phantom-deps): lodash.omit is a declared runtime dependency in package.json. Phantom-dep heuristic is a false positive for this package.	ai	2026/04/27
semgrep	semgrep:base64-decode	AI (semgrep): Base64 decoding is used for ZK verification key handling — standard cryptographic practice in a ZK proof system, not a malicious payload.	ai	2026/04/26
phantom-deps	phantom-dep:@aztec/builder	AI (phantom-deps): Same-org @aztec/ scoped package in a monorepo; phantom dep detection is a false positive for monorepo indirect dependencies.	ai	2026/04/26
phantom-deps	phantom-dep:@aztec/ethereum	AI (phantom-deps): Same-org @aztec/ scoped package in a monorepo; phantom dep detection is a false positive for monorepo indirect dependencies.	ai	2026/04/26
phantom-deps	phantom-dep:@aztec/noir-types	AI (phantom-deps): Same-org @aztec/ scoped package in a monorepo; phantom dep detection is a false positive for monorepo indirect dependencies.	ai	2026/04/26
phantom-deps	phantom-dep:@aztec/bb.js	AI (phantom-deps): Same-org @aztec/ scoped package in a monorepo; phantom dep detection is a false positive for monorepo indirect dependencies.	ai	2026/04/26
typosquat	typosquat.levenshtein:pg	AI (typosquat): @aztec/pxe is the Private eXecution Environment component of Aztec Protocol — not a typosquat of 'pg'. The @aztec/ scope and 1025-version history make this a clear false positive.	ai	2026/04/26
semgrep	semgrep:api-obfuscation-reflect	AI (semgrep): Reflect.get() is used in a proxy pattern for dynamic dispatch in proxied_contract_data_source.js — standard JavaScript proxy implementation, not obfuscation.	ai	2026/04/26