@drift-labs/vaults-sdk
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:rpc-websockets | AI (phantom-deps): Transitive/runtime dep for Solana WebSocket connections; stable false positive for this package. | ai | |
| dependencies | unvetted-dep:@drift-labs/sdk | AI (dependencies): First-party Drift Labs dependency; expected and stable for this package across versions. | ai | |
| phantom-deps | phantom-dep:ts-node | AI (phantom-deps): ts-node is used in the cli script, not a runtime import; false positive for this package. | ai | |
| phantom-deps | phantom-dep:typescript | AI (phantom-deps): typescript is a build tool referenced in config; not a runtime import, stable false positive. | ai |
Versions (showing 66 of 166)
| Version | Deps | Published |
|---|---|---|
| 0.9.142 | 6 / 3 | |
| 0.9.141 | 6 / 3 | |
| 0.9.140 | 6 / 3 | |
| 0.9.139 | 6 / 3 | |
| 0.9.138 | 6 / 3 | |
| 0.9.137 | 6 / 3 | |
| 0.9.136 | 6 / 3 | |
| 0.9.135 | 6 / 3 | |
| 0.9.134 | 6 / 3 | |
| 0.9.133 | 6 / 3 | |
| 0.9.132 | 6 / 3 | |
| 0.9.131 | 6 / 3 | |
| 0.9.130 | 6 / 3 | |
| 0.9.129 | 6 / 3 | |
| 0.9.128 | 6 / 3 | |
| 0.9.127 | 6 / 3 | |
| 0.9.126 | 6 / 3 | |
| 0.9.125 | 6 / 3 | |
| 0.9.124 | 6 / 3 | |
| 0.9.123 | 6 / 3 | |
| 0.9.122 | 6 / 3 | |
| 0.9.121 | 6 / 3 | |
| 0.9.120 | 6 / 3 | |
| 0.9.119 | 6 / 3 | |
| 0.9.118 | 6 / 3 | |
| 0.9.117 | 6 / 3 | |
| 0.9.116 | 6 / 3 | |
| 0.9.115 | 6 / 3 | |
| 0.9.114 | 6 / 3 | |
| 0.9.113 | 6 / 3 | |
| 0.9.112 | 6 / 3 | |
| 0.9.111 | 6 / 3 | |
| 0.9.110 | 6 / 3 | |
| 0.9.109 | 6 / 3 | |
| 0.9.108 | 6 / 3 | |
| 0.9.107 | 6 / 3 | |
| 0.9.106 | 6 / 3 | |
| 0.9.105 | 6 / 3 | |
| 0.9.104 | 6 / 3 | |
| 0.9.103 | 6 / 3 | |
| 0.9.102 | 6 / 3 | |
| 0.9.101 | 6 / 3 | |
| 0.9.100 | 6 / 3 | |
| 0.9.99 | 6 / 3 | |
| 0.9.98 | 6 / 3 | |
| 0.9.97 | 6 / 3 | |
| 0.9.96 | 6 / 3 | |
| 0.9.95 | 6 / 3 | |
| 0.9.94 | 6 / 3 | |
| 0.9.93 | 6 / 3 | |
| 0.9.92 | 6 / 3 | |
| 0.9.91 | 6 / 3 | |
| 0.9.90 | 6 / 3 | |
| 0.9.89 | 9 / 1 | |
| 0.9.78 | 9 / 1 | |
| 0.9.74 | 9 / 1 | |
| 0.9.63 | 9 / 1 | |
| 0.9.57 | 9 / 1 | |
| 0.9.42 | 10 / 1 | |
| 0.9.24 | 10 / 1 | |
| 0.9.7 | 10 / 1 | |
| 0.8.26 | 10 / 1 | |
| 0.8.22 | 10 / 1 | |
| 0.8.18 | 10 / 1 | |
| 0.8.11 | 10 / 1 | |
| 0.8.9 | 10 / 1 |
v0.9.142
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.141
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.140
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.139
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.138
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.137
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.136
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.135
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.134
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.133
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.132
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.131
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.130
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.129
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.128
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.127
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.126
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.125
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.124
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.123
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.122
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.121
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.120
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.119
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.118
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.117
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.116
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.115
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.114
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.113
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.112
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.111
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.110
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.109
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.108
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.107
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.106
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.105
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.104
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.103
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.102
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.101
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.100
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.99
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.98
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.97
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.96
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.95
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.94
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.93
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.92
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.91
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.90
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.89
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.78
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.74
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.63
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.57
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.42
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.24
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.9.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.26
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.22
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.18
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.11
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.9
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.