← Home

@bananapus/univ4-lp-split-hook-v6

npm Repository Homepage

`@bananapus/univ4-lp-split-hook-v6` is a split hook that accumulates reserved Juicebox project tokens and then deploys them into a Uniswap V4 concentrated liquidity position bounded by the project's issuance and cash-out economics.

12
Versions
MIT
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

simplemachineme.jangofilipviz

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
phantom-deps phantom-dep:@bananapus/buyback-hook-v6 AI (phantom-deps): Same-org dep used as Foundry remapping/config dependency, not a JS import — consistent with all other phantom deps in this Solidity package. ai
bogus-package bogus-package AI (bogus-package): Specialized DeFi library; README links to ecosystem docs and GitHub, not a phishing farm. ai
phantom-deps phantom-dep:solady AI (phantom-deps): Solidity package; deps are Foundry remappings, not JS imports. Phantom-dep is a stable false positive for this package. ai
phantom-deps phantom-dep:@bananapus/suckers-v6 AI (phantom-deps): Same org Solidity dep used via Foundry remappings; not a JS import. ai
dependencies unvetted-dep:@uniswap/permit2 AI (dependencies): Uniswap/permit2 has no npm registry release; GitHub source dep is the standard pattern for Solidity/Foundry projects. ai
npm-metadata url-dep:@uniswap/permit2 AI (npm-metadata): Same rationale: permit2 is only available via GitHub; this is expected for this package's Foundry toolchain. ai
phantom-deps phantom-dep:@sphinx-labs/contracts AI (phantom-deps): Solidity library dependency used via Foundry remappings, not JS imports. ai
phantom-deps phantom-dep:@openzeppelin/contracts AI (phantom-deps): Solidity library dependency used via Foundry remappings, not JS imports. ai
phantom-deps phantom-dep:solmate AI (phantom-deps): Solidity library dependency used via Foundry remappings, not JS imports. Stable pattern for this package. ai
phantom-deps phantom-dep:@bananapus/permission-ids-v6 AI (phantom-deps): Same-org Solidity library used via Foundry remappings, not JS imports. ai
phantom-deps phantom-dep:@bananapus/address-registry-v6 AI (phantom-deps): Same-org Solidity library used via Foundry remappings, not JS imports. ai
phantom-deps phantom-dep:@bananapus/univ4-router-v6 AI (phantom-deps): Same-org Solidity library used via Foundry remappings, not JS imports. ai
phantom-deps phantom-dep:@prb/math AI (phantom-deps): Solidity library dependency used via Foundry remappings, not JS imports. ai
phantom-deps phantom-dep:@uniswap/permit2 AI (phantom-deps): Solidity library dependency used via Foundry remappings, not JS imports. ai
phantom-deps phantom-dep:@uniswap/v4-core AI (phantom-deps): Solidity library dependency used via Foundry remappings, not JS imports. ai
phantom-deps phantom-dep:@bananapus/core-v6 AI (phantom-deps): Same-org Solidity library used via Foundry remappings, not JS imports. ai
phantom-deps phantom-dep:@uniswap/v4-periphery AI (phantom-deps): Solidity library dependency used via Foundry remappings, not JS imports. ai

Versions (showing 12 of 12)

Version Deps Published
0.0.56 13 / 1
0.0.52 12 / 1
0.0.50 12 / 1
0.0.48 12 / 1
0.0.39 12 / 1
0.0.26 11 / 1
0.0.24 11 / 1
0.0.23 11 / 1
0.0.21 11 / 1
0.0.17 10 / 1
0.0.11 10 / 1
0.0.10 10 / 1

v0.0.56

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.52

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.50

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.48

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.39

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.24

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.23

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.21

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.17

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.11

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.10

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.