@bitgo/account-lib
BitGo's account library functions
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | new-deps-added | AI (publish-pattern): BitGo monorepo regularly adds new @bitgo/sdk-coin-* deps; same-org scoped package, not a third-party supply chain risk. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Large SDK aggregator; sparse README and no keywords are expected for an internal monorepo module. | ai | |
| phantom-deps | phantom-dep:bs58 | AI (phantom-deps): bs58 is declared as a runtime dep and used transitively; phantom-dep heuristic false positive for this package. | ai | |
| phantom-deps | phantom-dep:bignumber.js | AI (phantom-deps): bignumber.js is declared as a runtime dep; phantom-dep heuristic false positive for this package. | ai | |
| phantom-deps | phantom-dep:@bitgo/sdk-lib-mpc | AI (phantom-deps): Same-org monorepo dep; phantom-dep heuristic false positive for this package. | ai | |
Versions (showing 14 of 14)
| Version | Deps | Published |
|---|---|---|
| 27.22.5 | 68 / 6 | |
| 27.22.4 | 68 / 6 | |
| 27.22.3 | 68 / 6 | |
| 27.22.2 | 68 / 6 | |
| 27.22.1 | 68 / 6 | |
| 27.22.0 | 68 / 6 | |
| 27.21.3 | 67 / 6 | |
| 27.21.2 | 67 / 6 | |
| 27.21.1 | 67 / 6 | |
| 27.21.0 | 67 / 6 | |
| 27.20.4 | 66 / 6 | |
| 27.20.3 | 66 / 6 | |
| 27.20.2 | 66 / 6 | |
| 27.20.1 | 66 / 6 | |
v27.22.5
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v27.22.4
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v27.22.3
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v27.22.2
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v27.22.1
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v27.22.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v27.21.3
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v27.21.2
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v27.21.1
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v27.21.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v27.20.4
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v27.20.3
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v27.20.2
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v27.20.1
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.