@blockrun/clawrouter — Greenflagged

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

1bcmax

Keywords

llmroutersmart-routingaiopenclawblockrunx402usdccost-optimizationopenaianthropicgeminideepseekusdc-hackathon-winneragentic-commerce

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	encoded-string-file:dist/index.js	AI (source-diff): Same viem EVM bytecode constants; stable false positive for this blockchain routing package.	ai	2026/04/27
source-diff	encoded-string-file:dist/cli.js	AI (source-diff): Long hex strings are EVM bytecode constants from viem library (deployless call, multicall3); not obfuscated payloads.	ai	2026/04/27
phantom-deps	phantom-dep:@x402/core	AI (phantom-deps): Part of the @x402 micropayment suite; referenced in config/plugin files. Stable false positive for this package's architecture.	ai	2026/04/27
phantom-deps	phantom-dep:@x402/fetch	AI (phantom-deps): Config-referenced dep for x402 payment protocol integration; stable false positive for this package.	ai	2026/04/27
phantom-deps	phantom-dep:@solana/kit	AI (phantom-deps): Config-referenced dep for Solana payment support; stable false positive for this package.	ai	2026/04/27
phantom-deps	phantom-dep:@scure/bip39	AI (phantom-deps): Config-referenced cryptographic dep; stable false positive for this package.	ai	2026/04/27
phantom-deps	phantom-dep:viem	AI (phantom-deps): viem is an EVM library used in config/plugin context; stable false positive for this package.	ai	2026/04/27
phantom-deps	phantom-dep:@scure/bip32	AI (phantom-deps): Config-referenced cryptographic dep; stable false positive for this package.	ai	2026/04/27
phantom-deps	phantom-dep:@x402/evm	AI (phantom-deps): Deps are referenced in config/plugin files for dynamic loading in the openclaw plugin architecture; not a real phantom dep for this package.	ai	2026/04/27
phantom-deps	phantom-dep:@x402/svm	AI (phantom-deps): Same as @x402/evm — config-referenced dep for plugin architecture, stable false positive.	ai	2026/04/27
dependencies	unvetted-peer-dep:openclaw	AI (dependencies): openclaw is an optional peer dep from the same BlockRun ecosystem; it's also a devDependency, indicating intentional use. Stable false positive for this package.	ai	2026/04/27

Versions (showing 51 of 379)

View all versions

Version	Deps	Published
0.12.203	8 / 9	2026-06-06
0.12.202	8 / 9	2026-06-06
0.12.201	8 / 9	2026-06-06
0.12.200	8 / 9	2026-06-01
0.12.199	8 / 9	2026-05-31
0.12.198	8 / 9	2026-05-29
0.12.197	8 / 9	2026-05-27
0.12.196	8 / 9	2026-05-24
0.12.195	8 / 9	2026-05-23
0.12.194	8 / 9	2026-05-18
0.12.193	8 / 9	2026-05-17
0.12.192	8 / 9	2026-05-16
0.12.191	8 / 9	2026-05-15
0.12.190	8 / 9	2026-05-13
0.12.189	8 / 9	2026-05-12
0.12.188	8 / 9	2026-05-09
0.12.187	8 / 9	2026-05-08
0.12.186	8 / 9	2026-05-06
0.12.185	8 / 9	2026-05-04
0.12.184	8 / 9	2026-05-04
0.12.183	8 / 9	2026-05-04
0.12.182	8 / 9	2026-05-04
0.12.181	8 / 9	2026-05-04
0.12.180	8 / 9	2026-05-04
0.12.179	8 / 9	2026-05-04
0.12.177	8 / 9	2026-05-03
0.12.176	8 / 9	2026-05-03
0.12.175	8 / 9	2026-05-03
0.12.174	8 / 9	2026-05-03
0.12.173	8 / 9	2026-05-03
0.12.172	8 / 9	2026-04-30
0.12.171	8 / 9	2026-04-30
0.12.169	8 / 9	2026-04-28
0.12.168	8 / 9	2026-04-25
0.12.167	8 / 9	2026-04-25
0.12.166	8 / 9	2026-04-24
0.12.165	8 / 9	2026-04-24
0.12.163	8 / 9	2026-04-23
0.12.162	8 / 9	2026-04-23
0.12.161	8 / 9	2026-04-22
0.12.160	8 / 9	2026-04-22
0.12.159	8 / 9	2026-04-21
0.12.158	8 / 9	2026-04-20
0.12.157	8 / 9	2026-04-20
0.12.156	8 / 9	2026-04-20
0.12.155	8 / 9	2026-04-18
0.12.154	8 / 9	2026-04-17
0.12.153	8 / 9	2026-04-16
0.12.152	8 / 9	2026-04-16
0.12.151	8 / 9	2026-04-16
0.12.150	8 / 9	2026-04-15