@chain-registry/cli
Chain Registry CLI
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| typosquat | typosquat.levenshtein:joi | AI (typosquat): Scoped package @chain-registry/cli is a legitimate Cosmos chain-registry CLI tool with no relation to 'joi'. Levenshtein match is a superficial false positive. | ai | |
| dependencies | unvetted-dep:@chain-registry/workflows | AI (dependencies): First-party dependency within the same @chain-registry namespace, published by the same trusted maintainer (pyramation). | ai | |
| dependencies | unvetted-dep:@chain-registry/interfaces | AI (dependencies): First-party dependency within the same @chain-registry namespace, published by the same trusted maintainer (pyramation). | ai |
Versions (showing 51 of 239)
| Version | Deps | Published |
|---|---|---|
| 1.53.359 | 5 / 0 | |
| 1.53.358 | 5 / 0 | |
| 1.53.357 | 5 / 0 | |
| 1.53.356 | 5 / 0 | |
| 1.53.355 | 5 / 0 | |
| 1.53.354 | 5 / 0 | |
| 1.53.353 | 5 / 0 | |
| 1.53.352 | 5 / 0 | |
| 1.53.351 | 5 / 0 | |
| 1.53.350 | 5 / 0 | |
| 1.53.349 | 5 / 0 | |
| 1.53.348 | 5 / 0 | |
| 1.53.347 | 5 / 0 | |
| 1.53.346 | 5 / 0 | |
| 1.53.345 | 5 / 0 | |
| 1.53.344 | 5 / 0 | |
| 1.53.343 | 5 / 0 | |
| 1.53.342 | 5 / 0 | |
| 1.53.341 | 5 / 0 | |
| 1.53.340 | 5 / 0 | |
| 1.53.339 | 5 / 0 | |
| 1.53.338 | 5 / 0 | |
| 1.53.337 | 5 / 0 | |
| 1.53.336 | 5 / 0 | |
| 1.53.335 | 5 / 0 | |
| 1.53.334 | 5 / 0 | |
| 1.53.333 | 5 / 0 | |
| 1.53.332 | 5 / 0 | |
| 1.53.331 | 5 / 0 | |
| 1.53.330 | 5 / 0 | |
| 1.53.329 | 5 / 0 | |
| 1.53.328 | 5 / 0 | |
| 1.53.327 | 5 / 0 | |
| 1.53.326 | 5 / 0 | |
| 1.53.325 | 5 / 0 | |
| 1.53.324 | 5 / 0 | |
| 1.53.323 | 5 / 0 | |
| 1.53.322 | 5 / 0 | |
| 1.53.321 | 5 / 0 | |
| 1.53.320 | 5 / 0 | |
| 1.53.319 | 5 / 0 | |
| 1.53.318 | 5 / 0 | |
| 1.53.317 | 5 / 0 | |
| 1.53.316 | 5 / 0 | |
| 1.53.315 | 5 / 0 | |
| 1.53.313 | 5 / 0 | |
| 1.53.312 | 5 / 0 | |
| 1.53.311 | 5 / 0 | |
| 1.53.310 | 5 / 0 | |
| 1.53.309 | 5 / 0 | |
| 1.53.308 | 5 / 0 |
v1.53.359
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.53.358
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.53.357
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.53.356
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.53.355
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.53.354
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.53.353
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.53.352
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.53.351
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.53.350
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.53.349
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.53.348
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.53.347
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.53.346
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.53.345
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.53.344
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.53.343
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.53.342
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.53.341
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.53.339
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.53.338
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.53.337
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.53.336
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.53.335
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.53.334
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.53.333
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.53.332
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.53.331
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.53.330
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.53.329
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.53.328
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.53.327
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.53.326
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.53.325
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.53.324
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.53.323
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.53.322
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.53.319
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.53.316
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.53.310
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.