@chain-registry/v2
Cosmos chain registry ⚛️
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:shady-links-tlds | AI (semgrep): Chain registry is a data package containing blockchain RPC endpoint URLs. TLDs like .xyz are legitimate validator domains, not C2 infrastructure. This pattern will always fire on chain registry data files. | ai | |
| semgrep | semgrep:shady-links-raw-ip | AI (semgrep): Raw IP addresses in chain registry files are legitimate blockchain validator node endpoints, not malicious network requests. This is expected data content for a chain registry package. | ai | |
| typosquat | typosquat.levenshtein:pg | AI (typosquat): Scoped package @chain-registry/v2 cannot reasonably be confused with pg (PostgreSQL client). Levenshtein match is spurious for scoped packages. | ai | |
| typosquat | typosquat.levenshtein:qs | AI (typosquat): Scoped package @chain-registry/v2 cannot reasonably be confused with qs (query string parser). Levenshtein match is spurious for scoped packages. | ai |
Versions (showing 51 of 399)
| Version | Deps | Published |
|---|---|---|
| 1.71.237 | 1 / 2 | |
| 1.71.236 | 1 / 2 | |
| 1.71.235 | 1 / 2 | |
| 1.71.234 | 1 / 2 | |
| 1.71.233 | 1 / 2 | |
| 1.71.232 | 1 / 2 | |
| 1.71.231 | 1 / 2 | |
| 1.71.230 | 1 / 2 | |
| 1.71.229 | 1 / 2 | |
| 1.71.228 | 1 / 2 | |
| 1.71.227 | 1 / 2 | |
| 1.71.226 | 1 / 2 | |
| 1.71.225 | 1 / 2 | |
| 1.71.224 | 1 / 2 | |
| 1.71.223 | 1 / 2 | |
| 1.71.222 | 1 / 2 | |
| 1.71.221 | 1 / 2 | |
| 1.71.220 | 1 / 2 | |
| 1.71.219 | 1 / 2 | |
| 1.71.218 | 1 / 2 | |
| 1.71.217 | 1 / 2 | |
| 1.71.216 | 1 / 2 | |
| 1.71.215 | 1 / 2 | |
| 1.71.214 | 1 / 2 | |
| 1.71.213 | 1 / 2 | |
| 1.71.212 | 1 / 2 | |
| 1.71.211 | 1 / 2 | |
| 1.71.210 | 1 / 2 | |
| 1.71.209 | 1 / 2 | |
| 1.71.208 | 1 / 2 | |
| 1.71.207 | 1 / 2 | |
| 1.71.206 | 1 / 2 | |
| 1.71.205 | 1 / 2 | |
| 1.71.204 | 1 / 2 | |
| 1.71.203 | 1 / 2 | |
| 1.71.202 | 1 / 2 | |
| 1.71.201 | 1 / 2 | |
| 1.71.200 | 1 / 2 | |
| 1.71.199 | 1 / 2 | |
| 1.71.198 | 1 / 2 | |
| 1.71.197 | 1 / 2 | |
| 1.71.196 | 1 / 2 | |
| 1.71.195 | 1 / 2 | |
| 1.71.194 | 1 / 2 | |
| 1.71.193 | 1 / 2 | |
| 1.71.192 | 1 / 2 | |
| 1.71.191 | 1 / 2 | |
| 1.71.190 | 1 / 2 | |
| 1.71.189 | 1 / 2 | |
| 1.71.188 | 1 / 2 | |
| 1.71.187 | 1 / 2 |
v1.71.236
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.235
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.234
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.233
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.232
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.231
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.230
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.229
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.228
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.227
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.226
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.225
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.224
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.223
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.222
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.221
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.220
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.219
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.218
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.217
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.216
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.215
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.214
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.213
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.212
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.211
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.210
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.209
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.208
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.207
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.206
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.205
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.204
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.203
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.202
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.201
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.200
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.199
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.198
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.197
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.196
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.195
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.194
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.193
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.192
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.71.191
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.71.190
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.71.189
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.71.188
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.71.187
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.