@coinbase/agentkit

11 Versions
License
No Install Scripts
Verified Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation
npm registry signatures
No source commit

Maintainers

coinbase-owner, coinbase-npm

Keywords

coinbase, sdk, crypto, cdp, agentkit, ai, agent, nodejs, typescript

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
phantom-deps | phantom-dep:x402 | AI (phantom-deps): x402 is a declared payment protocol dep used in config/integration; phantom detection is a false positive for this package. | ai |
dependencies | unvetted-dep:x402-axios | AI (dependencies): x402-axios is a Coinbase-ecosystem payment protocol library; its use here is consistent with AgentKit's purpose. | ai |
dependencies | unvetted-dep:sushi | AI (dependencies): Known DeFi SDK; consistent with agentkit's DeFi integration scope. | ai |
dependencies | unvetted-dep:clanker-sdk | AI (dependencies): DeFi token deployment SDK; consistent with agentkit's scope. | ai |
dependencies | unvetted-dep:@coinbase/x402 | AI (dependencies): Same Coinbase org; payment protocol SDK consistent with agentkit. | ai |
dependencies | unvetted-dep:@vaultsfyi/sdk | AI (dependencies): DeFi vaults SDK; consistent with agentkit's DeFi integration scope. | ai |
dependencies | unvetted-dep:@zerodev/intent | AI (dependencies): Account abstraction SDK; consistent with agentkit's wallet/intent scope. | ai |
dependencies | unvetted-dep:@ensofinance/sdk | AI (dependencies): DeFi routing SDK; consistent with agentkit's DeFi integration scope. | ai |
dependencies | unvetted-dep:@zoralabs/coins-sdk | AI (dependencies): Known Zora NFT/coins SDK; consistent with agentkit's scope. | ai |
dependencies | unvetted-dep:@privy-io/server-auth | AI (dependencies): Known Privy auth SDK; consistent with agentkit's wallet/auth scope. | ai |
dependencies | unvetted-dep:@coinbase/coinbase-sdk | AI (dependencies): Core Coinbase SDK from same org; expected dependency. | ai |
phantom-deps | phantom-dep:@coinbase/x402 | AI (phantom-deps): Same org scope; likely re-exported or used indirectly in action providers. | ai |
phantom-deps | phantom-dep:@privy-io/public-api | AI (phantom-deps): Referenced in config/type files; stable false positive for this package. | ai |
phantom-deps | phantom-dep:@zoralabs/protocol-deployments | AI (phantom-deps): Referenced in config files; stable false positive for this package. | ai |

Versions (showing 11 of 11)

Version Deps Published
0.10.4 35 / 18
0.10.3 32 / 18
0.10.2 30 / 18
0.10.1 28 / 18
0.10.0 26 / 18
0.9.1 26 / 18
0.9.0 25 / 18
0.8.2 24 / 18
0.8.1 22 / 18
0.8.0 22 / 18
0.7.2 22 / 18

v0.10.4

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.10.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.10.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.10.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.10.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.9.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.9.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.8.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.8.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.8.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.7.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.