@defuse-protocol/internal-utils

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

cawabunga_aurora

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Transition to GitHub Actions CI publishing with SLSA attestation; consistent with org-level CI/CD migration.	ai	2026/05/26
maintainer-change	maintainer-removed	AI (maintainer-change): Removal of human maintainer aligns with shift to automated GitHub Actions publishing with provenance attestation.	ai	2026/05/26
phantom-deps	phantom-dep:@hot-labs/omni-sdk	AI (phantom-deps): Dependency is declared and used; phantom-dep heuristic is a false positive for this package.	ai	2026/05/10
phantom-deps	phantom-dep:viem	AI (phantom-deps): viem is a declared runtime dependency in package.json; phantom-dep heuristic false positive for this package.	ai	2026/04/29

Versions (showing 75 of 75)

Version	Deps	Published
0.34.0	11 / 3	2026-05-26
0.33.0	11 / 3	2026-05-20
0.32.0	11 / 3	2026-05-14
0.31.2	11 / 3	2026-05-12
0.31.1	11 / 3	2026-04-13
0.31.0	11 / 3	2026-04-12
0.30.1	11 / 3	2026-04-01
0.30.0	11 / 3	2026-03-19
0.29.0	11 / 3	2026-03-04
0.28.4	11 / 3	2026-02-25
0.28.3	11 / 3	2026-02-24
0.28.2	11 / 3	2026-02-19
0.28.1	11 / 3	2026-02-15
0.28.0	11 / 3	2026-02-13
0.27.0	11 / 3	2026-02-11
0.26.0	11 / 3	2026-02-03
0.25.0	11 / 3	2026-01-30
0.24.2	11 / 3	2026-01-29
0.24.1	11 / 3	2026-01-23
0.24.0	11 / 3	2026-01-21
0.23.1	11 / 3	2026-01-16
0.23.0	11 / 3	2026-01-09
0.22.0	11 / 3	2026-01-08
0.21.1	11 / 4	2025-12-09
0.21.0	11 / 4	2025-12-05
0.20.0	11 / 4	2025-12-03
0.19.6	11 / 4	2025-12-02
0.19.5	11 / 4	2025-11-28
0.19.4	11 / 4	2025-11-26
0.19.3	11 / 4	2025-11-26
0.19.2	11 / 4	2025-11-24
0.19.1	11 / 4	2025-11-14
0.19.0	11 / 4	2025-11-10
0.18.3	11 / 4	2025-11-05
0.18.2	11 / 4	2025-11-05
0.18.1	11 / 4	2025-11-05
0.18.0	11 / 4	2025-10-31
0.17.0	11 / 4	2025-10-28
0.16.0	11 / 4	2025-10-27
0.15.2	11 / 4	2025-10-16
0.15.1	11 / 4	2025-10-12
0.15.0	11 / 4	2025-10-10
0.14.0	11 / 4	2025-10-09
0.13.0	11 / 4	2025-10-06
0.12.0	11 / 3	2025-10-02
0.11.1	11 / 3	2025-10-01
0.11.0	11 / 3	2025-09-24
0.10.0	11 / 3	2025-09-10
0.9.1	11 / 3	2025-08-25
0.9.0	11 / 3	2025-08-22
0.8.2	11 / 3	2025-08-18
0.8.1	11 / 3	2025-08-15
0.8.0	11 / 3	2025-08-15
0.7.0	12 / 3	2025-08-13
0.6.0	12 / 3	2025-08-06
0.5.0	12 / 3	2025-08-05
0.4.0	12 / 3	2025-08-05
0.3.0	12 / 3	2025-08-04
0.2.0	12 / 3	2025-07-31
0.1.4	12 / 3	2025-07-24
0.1.3	12 / 3	2025-07-23
0.1.2	12 / 3	2025-07-23
0.1.1	12 / 3	2025-07-22
0.1.0	12 / 3	2025-07-16
0.0.12	12 / 3	2025-07-15
0.0.11	12 / 3	2025-07-14
0.0.10	12 / 3	2025-07-14
0.0.9	12 / 3	2025-07-14
0.0.8	12 / 3	2025-07-10
0.0.7	12 / 3	2025-07-01
0.0.6	12 / 3	2025-06-19
0.0.5	12 / 3	2025-06-19
0.0.4	12 / 3	2025-06-18
0.0.3	12 / 3	2025-06-18
0.0.2	12 / 3	2025-06-18

v0.34.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.33.0

2 findings

HIGH Publisher changed: cawabunga_aurora → GitHub Actions (on 2026-05-20) provenance

This version was published by a different npm account than previous versions on 2026-05-20. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.