@chain-registry/cosmostation
Chain Registry to Cosmostation
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@cosmostation/extension-client | AI (dependencies): Official Cosmostation wallet extension client; expected dependency for a Chain Registry to Cosmostation adapter package. Pinned at 0.1.15 for stability. | ai | |
| provenance | no-provenance | AI (provenance): Established package from highly trusted publisher; lack of provenance attestation is consistent across all versions and is not a security concern for this package. | ai |
Versions (showing 51 of 72)
| Version | Deps | Published |
|---|---|---|
| 2.0.213 | 3 / 1 | |
| 2.0.212 | 3 / 1 | |
| 2.0.211 | 3 / 1 | |
| 2.0.210 | 3 / 1 | |
| 2.0.209 | 3 / 1 | |
| 2.0.208 | 3 / 1 | |
| 2.0.207 | 3 / 1 | |
| 2.0.206 | 3 / 1 | |
| 2.0.205 | 3 / 1 | |
| 2.0.204 | 3 / 1 | |
| 2.0.203 | 3 / 1 | |
| 2.0.202 | 3 / 1 | |
| 2.0.201 | 3 / 1 | |
| 2.0.200 | 3 / 1 | |
| 2.0.199 | 3 / 1 | |
| 2.0.194 | 3 / 1 | |
| 2.0.192 | 3 / 1 | |
| 2.0.191 | 3 / 1 | |
| 2.0.188 | 3 / 1 | |
| 2.0.187 | 3 / 1 | |
| 2.0.181 | 3 / 1 | |
| 2.0.180 | 3 / 1 | |
| 2.0.179 | 3 / 1 | |
| 2.0.178 | 3 / 1 | |
| 2.0.176 | 3 / 1 | |
| 1.72.603 | 3 / 1 | |
| 1.72.602 | 3 / 1 | |
| 1.72.601 | 3 / 1 | |
| 1.72.600 | 3 / 1 | |
| 1.72.599 | 3 / 1 | |
| 1.72.598 | 3 / 1 | |
| 1.72.597 | 3 / 1 | |
| 1.72.596 | 3 / 1 | |
| 1.72.595 | 3 / 1 | |
| 1.72.594 | 3 / 1 | |
| 1.72.593 | 3 / 1 | |
| 1.72.592 | 3 / 1 | |
| 1.72.591 | 3 / 1 | |
| 1.72.590 | 3 / 1 | |
| 1.72.589 | 3 / 1 | |
| 1.72.588 | 3 / 1 | |
| 1.72.587 | 3 / 1 | |
| 1.72.586 | 3 / 1 | |
| 1.72.585 | 3 / 1 | |
| 1.72.584 | 3 / 1 | |
| 1.72.583 | 3 / 1 | |
| 1.72.582 | 3 / 1 | |
| 1.72.581 | 3 / 1 | |
| 1.72.580 | 3 / 1 | |
| 1.72.579 | 3 / 1 | |
| 1.72.578 | 3 / 1 |
v2.0.213
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.212
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.211
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.210
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.209
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.208
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.207
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.206
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.205
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.204
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.203
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.202
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.201
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.200
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.199
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.192
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.191
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.188
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.187
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.181
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.180
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.179
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.178
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.176
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.72.603
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.72.602
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.72.601
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.72.600
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.72.599
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.72.598
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.72.597
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.72.596
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.72.595
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.72.594
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.72.593
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.72.592
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.72.591
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.72.590
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.72.589
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.72.588
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.72.587
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.72.586
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.72.585
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.72.584
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.72.583
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.72.582
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.72.581
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.72.580
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.72.579
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.72.578
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.