@chainlink/ccip-js
<div role="note" align="center" style="background:#fff4e5;border-left:4px solid #ff8c00;padding:12px;border-radius:6px;margin-bottom:16px;"> <strong>Deprecation notice:</strong> This package is deprecated and no longer maintained. Instead please use the
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:ethers | AI (phantom-deps): ethers is a declared runtime dep used transitively; phantom-dep false positive for this package. | ai | |
| dependencies | unvetted-dep:@nomicfoundation/hardhat-viem | AI (dependencies): Hardhat plugin used only in dev/test context; phantom dep confirms it's not imported at runtime. | ai | |
| dependencies | unvetted-dep:@nomicfoundation/hardhat-toolbox | AI (dependencies): Hardhat toolbox is a dev/test dependency; phantom dep confirms no runtime import. | ai | |
| phantom-deps | phantom-dep:typescript | AI (phantom-deps): Build tooling reference; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@openzeppelin/contracts | AI (phantom-deps): Referenced in Hardhat config/contracts; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@nomicfoundation/hardhat-viem | AI (phantom-deps): Hardhat plugin referenced in config; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:chai | AI (phantom-deps): Test/config-only reference; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@nomicfoundation/hardhat-toolbox | AI (phantom-deps): Hardhat plugin referenced in config; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@nomicfoundation/hardhat-chai-matchers | AI (phantom-deps): Hardhat plugin referenced in config; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@nomicfoundation/hardhat-ethers | AI (phantom-deps): Hardhat plugin referenced in config; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:mocha | AI (phantom-deps): Test/config-only reference; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:ts-jest | AI (phantom-deps): Test/config-only reference; stable false positive for this package. | ai |
Versions (showing 4 of 4)
| Version | Deps | Published |
|---|---|---|
| 0.2.7 | 11 / 19 | |
| 0.2.6 | 11 / 19 | |
| 0.2.5 | 11 / 19 | |
| 0.2.4 | 11 / 19 |
v0.2.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.