@bitgo/wasm-solana No license 24 versions

@bitgo/wasm-solana

npm Repository Homepage

24

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

louib-bitgobitgobot

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	net-exec-file:dist/esm/js/wasm/wasm_solana_bg.js	AI (source-diff): Standard wasm-bindgen JS glue output; network/exec pattern is wasm memory management, not malware.	ai	2026/05/17
source-diff	net-exec-file:dist/cjs/js/wasm/wasm_solana.js	AI (source-diff): Standard wasm-bindgen CJS glue output; same false-positive pattern as ESM counterpart.	ai	2026/05/17
bogus-package	bogus-package	AI (bogus-package): BitGo monorepo stub package; sparse metadata is a known pattern for their wasm/native binding placeholders.	ai	2026/05/17

Versions (showing 24 of 24)

Version	Deps	Published
2.8.1	0 / 8	2026-03-27
2.8.0	0 / 8	2026-03-19
2.7.2	0 / 8	2026-03-18
2.7.1	0 / 8	2026-03-17
2.7.0	0 / 8	2026-03-13
2.6.0	0 / 8	2026-02-27
2.5.0	0 / 8	2026-02-17
2.4.1	0 / 8	2026-02-13
2.4.0	0 / 8	2026-02-13
2.3.0	0 / 8	2026-02-12
2.2.0	0 / 8	2026-02-12
2.1.0	0 / 8	2026-02-12
2.0.1	0 / 8	2026-02-10
2.0.0	0 / 8	2026-02-09
1.6.0	0 / 8	2026-02-04
1.5.0	0 / 8	2026-02-04
1.4.2	0 / 8	2026-02-04
1.4.1	0 / 8	2026-02-03
1.4.0	0 / 8	2026-02-02
1.3.0	0 / 8	2026-01-29
1.2.0	0 / 8	2026-01-27
1.1.0	0 / 8	2026-01-26
1.0.0	0 / 8	2026-01-20
0.0.1	0 / 0	2026-01-17

v2.8.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.8.0

3 findings

HIGH New file with network + code execution: dist/esm/js/wasm/wasm_solana_bg.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New file with network + code execution: dist/cjs/js/wasm/wasm_solana.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.7.2

3 findings

HIGH New file with network + code execution: dist/esm/js/wasm/wasm_solana_bg.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New file with network + code execution: dist/cjs/js/wasm/wasm_solana.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.7.1

3 findings

HIGH New file with network + code execution: dist/esm/js/wasm/wasm_solana_bg.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New file with network + code execution: dist/cjs/js/wasm/wasm_solana.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.7.0

3 findings

HIGH New file with network + code execution: dist/esm/js/wasm/wasm_solana_bg.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New file with network + code execution: dist/cjs/js/wasm/wasm_solana.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.6.0

3 findings

HIGH New file with network + code execution: dist/esm/js/wasm/wasm_solana_bg.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New file with network + code execution: dist/cjs/js/wasm/wasm_solana.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.5.0

3 findings

HIGH New file with network + code execution: dist/esm/js/wasm/wasm_solana_bg.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New file with network + code execution: dist/cjs/js/wasm/wasm_solana.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.4.1

3 findings

HIGH New file with network + code execution: dist/esm/js/wasm/wasm_solana_bg.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New file with network + code execution: dist/cjs/js/wasm/wasm_solana.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.4.0

3 findings

HIGH New file with network + code execution: dist/esm/js/wasm/wasm_solana_bg.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New file with network + code execution: dist/cjs/js/wasm/wasm_solana.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.3.0

3 findings

HIGH New file with network + code execution: dist/esm/js/wasm/wasm_solana_bg.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New file with network + code execution: dist/cjs/js/wasm/wasm_solana.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.2.0

3 findings

HIGH New file with network + code execution: dist/esm/js/wasm/wasm_solana_bg.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New file with network + code execution: dist/cjs/js/wasm/wasm_solana.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.1.0

3 findings

HIGH New file with network + code execution: dist/esm/js/wasm/wasm_solana_bg.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New file with network + code execution: dist/cjs/js/wasm/wasm_solana.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.1

3 findings

HIGH New file with network + code execution: dist/esm/js/wasm/wasm_solana_bg.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New file with network + code execution: dist/cjs/js/wasm/wasm_solana.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.0

3 findings

HIGH New file with network + code execution: dist/esm/js/wasm/wasm_solana_bg.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New file with network + code execution: dist/cjs/js/wasm/wasm_solana.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.6.0

3 findings

HIGH New file with network + code execution: dist/esm/js/wasm/wasm_solana_bg.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New file with network + code execution: dist/cjs/js/wasm/wasm_solana.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.5.0

3 findings

HIGH New file with network + code execution: dist/esm/js/wasm/wasm_solana_bg.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New file with network + code execution: dist/cjs/js/wasm/wasm_solana.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.4.2

3 findings

HIGH New file with network + code execution: dist/esm/js/wasm/wasm_solana_bg.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New file with network + code execution: dist/cjs/js/wasm/wasm_solana.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.4.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.4.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.2.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.1.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.