@dynamic-labs-wallet/node
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@dynamic-labs/sdk-api-core | AI (phantom-deps): Declared dep used transitively or in config; stable false positive for this package. | ai | |
| typosquat | typosquat.levenshtein:zod | AI (typosquat): Scoped @dynamic-labs-wallet/node is not a typosquat of zod; false positive on edit distance. | ai | |
| npm-metadata | bundled-binaries | AI (npm-metadata): MPC executor native binaries for wallet crypto operations; expected for this package. | ai | |
| semgrep | semgrep:base64-decode | AI (semgrep): Standard base64-to-bytes helper for crypto operations. | ai | |
| semgrep | semgrep:hex-decode | AI (semgrep): EVM message hex parsing for keccak256 hashing; standard wallet SDK pattern. | ai | |
| semgrep | semgrep:dynamic-require | AI (semgrep): Native addon loader selecting platform-specific .node binary; standard pattern. | ai |
Versions (showing 51 of 51)
| Version | Deps | Published |
|---|---|---|
| 1.0.17 | 7 / 0 | |
| 1.0.16 | 7 / 0 | |
| 1.0.15 | 7 / 0 | |
| 1.0.14 | 7 / 0 | |
| 1.0.13 | 7 / 0 | |
| 1.0.12 | 7 / 0 | |
| 1.0.11 | 7 / 0 | |
| 1.0.10 | 7 / 0 | |
| 1.0.9 | 7 / 0 | |
| 1.0.8 | 7 / 0 | |
| 1.0.7 | 7 / 0 | |
| 1.0.6 | 7 / 0 | |
| 1.0.5 | 7 / 0 | |
| 1.0.4 | 7 / 0 | |
| 1.0.3 | 7 / 0 | |
| 1.0.2 | 7 / 0 | |
| 1.0.1 | 7 / 0 | |
| 1.0.0 | 7 / 0 | |
| 0.0.354 | 7 / 0 | |
| 0.0.353 | 7 / 0 | |
| 0.0.351 | 7 / 0 | |
| 0.0.350 | 7 / 0 | |
| 0.0.349 | 7 / 0 | |
| 0.0.348 | 7 / 0 | |
| 0.0.347 | 7 / 0 | |
| 0.0.346 | 7 / 0 | |
| 0.0.345 | 7 / 0 | |
| 0.0.344 | 7 / 0 | |
| 0.0.343 | 7 / 0 | |
| 0.0.342 | 7 / 0 | |
| 0.0.341 | 7 / 0 | |
| 0.0.340 | 7 / 0 | |
| 0.0.339 | 7 / 0 | |
| 0.0.338 | 7 / 0 | |
| 0.0.337 | 7 / 0 | |
| 0.0.336 | 7 / 0 | |
| 0.0.335 | 6 / 0 | |
| 0.0.334 | 6 / 0 | |
| 0.0.333 | 6 / 0 | |
| 0.0.332 | 6 / 0 | |
| 0.0.331 | 6 / 0 | |
| 0.0.330 | 6 / 0 | |
| 0.0.329 | 6 / 0 | |
| 0.0.328 | 6 / 0 | |
| 0.0.327 | 6 / 0 | |
| 0.0.326 | 6 / 0 | |
| 0.0.325 | 6 / 0 | |
| 0.0.324 | 6 / 0 | |
| 0.0.323 | 6 / 0 | |
| 0.0.322 | 6 / 0 | |
| 0.0.321 | 6 / 0 |
v1.0.17
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.16
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.15
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.14
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.13
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2
2 findingsPackage contains compiled binaries that could be backdoors: • internal/node/native/libmpc_executor_linux_arm64_nodejs.node • internal/node/native/libmpc_executor_linux_x86_64_nodejs.node • internal/node/native/libmpc_executor_macos_arm64_nodejs.node • internal/node/native/libmpc_executor_macos_x86_64_nodejs.node
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.1
2 findingsPackage contains compiled binaries that could be backdoors: • internal/node/native/libmpc_executor_linux_arm64_nodejs.node • internal/node/native/libmpc_executor_linux_x86_64_nodejs.node • internal/node/native/libmpc_executor_macos_arm64_nodejs.node • internal/node/native/libmpc_executor_macos_x86_64_nodejs.node
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.0
2 findingsPackage contains compiled binaries that could be backdoors: • internal/node/native/libmpc_executor_linux_arm64_nodejs.node • internal/node/native/libmpc_executor_linux_x86_64_nodejs.node • internal/node/native/libmpc_executor_macos_arm64_nodejs.node • internal/node/native/libmpc_executor_macos_x86_64_nodejs.node
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.354
2 findingsPackage contains compiled binaries that could be backdoors: • internal/node/native/libmpc_executor_linux_arm64_nodejs.node • internal/node/native/libmpc_executor_linux_x86_64_nodejs.node • internal/node/native/libmpc_executor_macos_arm64_nodejs.node • internal/node/native/libmpc_executor_macos_x86_64_nodejs.node
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.353
2 findingsPackage contains compiled binaries that could be backdoors: • internal/node/native/libmpc_executor_linux_arm64_nodejs.node • internal/node/native/libmpc_executor_linux_x86_64_nodejs.node • internal/node/native/libmpc_executor_macos_arm64_nodejs.node • internal/node/native/libmpc_executor_macos_x86_64_nodejs.node
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.351
2 findingsPackage contains compiled binaries that could be backdoors: • internal/node/native/libmpc_executor_linux_arm64_nodejs.node • internal/node/native/libmpc_executor_linux_x86_64_nodejs.node • internal/node/native/libmpc_executor_macos_arm64_nodejs.node • internal/node/native/libmpc_executor_macos_x86_64_nodejs.node
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.350
2 findingsPackage contains compiled binaries that could be backdoors: • internal/node/native/libmpc_executor_linux_arm64_nodejs.node • internal/node/native/libmpc_executor_linux_x86_64_nodejs.node • internal/node/native/libmpc_executor_macos_arm64_nodejs.node • internal/node/native/libmpc_executor_macos_x86_64_nodejs.node
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.349
2 findingsPackage contains compiled binaries that could be backdoors: • internal/node/native/libmpc_executor_linux_arm64_nodejs.node • internal/node/native/libmpc_executor_linux_x86_64_nodejs.node • internal/node/native/libmpc_executor_macos_arm64_nodejs.node • internal/node/native/libmpc_executor_macos_x86_64_nodejs.node
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.348
2 findingsPackage contains compiled binaries that could be backdoors: • internal/node/native/libmpc_executor_linux_arm64_nodejs.node • internal/node/native/libmpc_executor_linux_x86_64_nodejs.node • internal/node/native/libmpc_executor_macos_arm64_nodejs.node • internal/node/native/libmpc_executor_macos_x86_64_nodejs.node
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.347
2 findingsPackage contains compiled binaries that could be backdoors: • internal/node/native/libmpc_executor_linux_arm64_nodejs.node • internal/node/native/libmpc_executor_linux_x86_64_nodejs.node • internal/node/native/libmpc_executor_macos_arm64_nodejs.node • internal/node/native/libmpc_executor_macos_x86_64_nodejs.node
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.346
2 findingsPackage contains compiled binaries that could be backdoors: • internal/node/native/libmpc_executor_linux_arm64_nodejs.node • internal/node/native/libmpc_executor_linux_x86_64_nodejs.node • internal/node/native/libmpc_executor_macos_arm64_nodejs.node • internal/node/native/libmpc_executor_macos_x86_64_nodejs.node
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.345
2 findingsPackage contains compiled binaries that could be backdoors: • internal/node/native/libmpc_executor_linux_arm64_nodejs.node • internal/node/native/libmpc_executor_linux_x86_64_nodejs.node • internal/node/native/libmpc_executor_macos_arm64_nodejs.node • internal/node/native/libmpc_executor_macos_x86_64_nodejs.node
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.344
2 findingsPackage contains compiled binaries that could be backdoors: • internal/node/native/libmpc_executor_linux_arm64_nodejs.node • internal/node/native/libmpc_executor_linux_x86_64_nodejs.node • internal/node/native/libmpc_executor_macos_arm64_nodejs.node • internal/node/native/libmpc_executor_macos_x86_64_nodejs.node
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.343
2 findingsPackage contains compiled binaries that could be backdoors: • internal/node/native/libmpc_executor_linux_arm64_nodejs.node • internal/node/native/libmpc_executor_linux_x86_64_nodejs.node • internal/node/native/libmpc_executor_macos_arm64_nodejs.node • internal/node/native/libmpc_executor_macos_x86_64_nodejs.node
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.342
2 findingsPackage contains compiled binaries that could be backdoors: • internal/node/native/libmpc_executor_linux_arm64_nodejs.node • internal/node/native/libmpc_executor_linux_x86_64_nodejs.node • internal/node/native/libmpc_executor_macos_arm64_nodejs.node • internal/node/native/libmpc_executor_macos_x86_64_nodejs.node
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.341
2 findingsPackage contains compiled binaries that could be backdoors: • internal/node/native/libmpc_executor_linux_arm64_nodejs.node • internal/node/native/libmpc_executor_linux_x86_64_nodejs.node • internal/node/native/libmpc_executor_macos_arm64_nodejs.node • internal/node/native/libmpc_executor_macos_x86_64_nodejs.node
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.340
2 findingsPackage contains compiled binaries that could be backdoors: • internal/node/native/libmpc_executor_linux_arm64_nodejs.node • internal/node/native/libmpc_executor_linux_x86_64_nodejs.node • internal/node/native/libmpc_executor_macos_arm64_nodejs.node • internal/node/native/libmpc_executor_macos_x86_64_nodejs.node
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.339
2 findingsPackage contains compiled binaries that could be backdoors: • internal/node/native/libmpc_executor_linux_arm64_nodejs.node • internal/node/native/libmpc_executor_linux_x86_64_nodejs.node • internal/node/native/libmpc_executor_macos_arm64_nodejs.node • internal/node/native/libmpc_executor_macos_x86_64_nodejs.node
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.338
2 findingsPackage contains compiled binaries that could be backdoors: • internal/node/native/libmpc_executor_linux_arm64_nodejs.node • internal/node/native/libmpc_executor_linux_x86_64_nodejs.node • internal/node/native/libmpc_executor_macos_arm64_nodejs.node • internal/node/native/libmpc_executor_macos_x86_64_nodejs.node
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.337
2 findingsPackage contains compiled binaries that could be backdoors: • internal/node/native/libmpc_executor_linux_arm64_nodejs.node • internal/node/native/libmpc_executor_linux_x86_64_nodejs.node • internal/node/native/libmpc_executor_macos_arm64_nodejs.node • internal/node/native/libmpc_executor_macos_x86_64_nodejs.node
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.336
2 findingsPackage contains compiled binaries that could be backdoors: • internal/node/native/libmpc_executor_linux_arm64_nodejs.node • internal/node/native/libmpc_executor_linux_x86_64_nodejs.node • internal/node/native/libmpc_executor_macos_arm64_nodejs.node • internal/node/native/libmpc_executor_macos_x86_64_nodejs.node
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.335
2 findingsPackage contains compiled binaries that could be backdoors: • internal/node/native/libmpc_executor_linux_arm64_nodejs.node • internal/node/native/libmpc_executor_linux_x86_64_nodejs.node • internal/node/native/libmpc_executor_macos_arm64_nodejs.node • internal/node/native/libmpc_executor_macos_x86_64_nodejs.node
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.334
2 findingsPackage contains compiled binaries that could be backdoors: • internal/node/native/libmpc_executor_linux_arm64_nodejs.node • internal/node/native/libmpc_executor_linux_x86_64_nodejs.node • internal/node/native/libmpc_executor_macos_arm64_nodejs.node • internal/node/native/libmpc_executor_macos_x86_64_nodejs.node
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.333
2 findingsPackage contains compiled binaries that could be backdoors: • internal/node/native/libmpc_executor_linux_arm64_nodejs.node • internal/node/native/libmpc_executor_linux_x86_64_nodejs.node • internal/node/native/libmpc_executor_macos_arm64_nodejs.node • internal/node/native/libmpc_executor_macos_x86_64_nodejs.node
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.332
2 findingsPackage contains compiled binaries that could be backdoors: • internal/node/native/libmpc_executor_linux_arm64_nodejs.node • internal/node/native/libmpc_executor_linux_x86_64_nodejs.node • internal/node/native/libmpc_executor_macos_arm64_nodejs.node • internal/node/native/libmpc_executor_macos_x86_64_nodejs.node
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.331
2 findingsPackage contains compiled binaries that could be backdoors: • internal/node/native/libmpc_executor_linux_arm64_nodejs.node • internal/node/native/libmpc_executor_linux_x86_64_nodejs.node • internal/node/native/libmpc_executor_macos_arm64_nodejs.node • internal/node/native/libmpc_executor_macos_x86_64_nodejs.node
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.330
2 findingsPackage contains compiled binaries that could be backdoors: • internal/node/native/libmpc_executor_linux_arm64_nodejs.node • internal/node/native/libmpc_executor_linux_x86_64_nodejs.node • internal/node/native/libmpc_executor_macos_arm64_nodejs.node • internal/node/native/libmpc_executor_macos_x86_64_nodejs.node
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.329
2 findingsPackage contains compiled binaries that could be backdoors: • internal/node/native/libmpc_executor_linux_arm64_nodejs.node • internal/node/native/libmpc_executor_linux_x86_64_nodejs.node • internal/node/native/libmpc_executor_macos_arm64_nodejs.node • internal/node/native/libmpc_executor_macos_x86_64_nodejs.node
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.328
2 findingsPackage contains compiled binaries that could be backdoors: • internal/node/native/libmpc_executor_linux_arm64_nodejs.node • internal/node/native/libmpc_executor_linux_x86_64_nodejs.node • internal/node/native/libmpc_executor_macos_arm64_nodejs.node • internal/node/native/libmpc_executor_macos_x86_64_nodejs.node
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.327
2 findingsPackage contains compiled binaries that could be backdoors: • internal/node/native/libmpc_executor_linux_arm64_nodejs.node • internal/node/native/libmpc_executor_linux_x86_64_nodejs.node • internal/node/native/libmpc_executor_macos_arm64_nodejs.node • internal/node/native/libmpc_executor_macos_x86_64_nodejs.node
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.326
2 findingsPackage contains compiled binaries that could be backdoors: • internal/node/native/libmpc_executor_linux_arm64_nodejs.node • internal/node/native/libmpc_executor_linux_x86_64_nodejs.node • internal/node/native/libmpc_executor_macos_arm64_nodejs.node • internal/node/native/libmpc_executor_macos_x86_64_nodejs.node
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.325
2 findingsPackage contains compiled binaries that could be backdoors: • internal/node/native/libmpc_executor_linux_arm64_nodejs.node • internal/node/native/libmpc_executor_linux_x86_64_nodejs.node • internal/node/native/libmpc_executor_macos_arm64_nodejs.node • internal/node/native/libmpc_executor_macos_x86_64_nodejs.node
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.324
2 findingsPackage contains compiled binaries that could be backdoors: • internal/node/native/libmpc_executor_linux_arm64_nodejs.node • internal/node/native/libmpc_executor_linux_x86_64_nodejs.node • internal/node/native/libmpc_executor_macos_arm64_nodejs.node • internal/node/native/libmpc_executor_macos_x86_64_nodejs.node
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.323
2 findingsPackage contains compiled binaries that could be backdoors: • internal/node/native/libmpc_executor_linux_arm64_nodejs.node • internal/node/native/libmpc_executor_linux_x86_64_nodejs.node • internal/node/native/libmpc_executor_macos_arm64_nodejs.node • internal/node/native/libmpc_executor_macos_x86_64_nodejs.node
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.322
2 findingsPackage contains compiled binaries that could be backdoors: • internal/node/native/libmpc_executor_linux_arm64_nodejs.node • internal/node/native/libmpc_executor_linux_x86_64_nodejs.node • internal/node/native/libmpc_executor_macos_arm64_nodejs.node • internal/node/native/libmpc_executor_macos_x86_64_nodejs.node
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.321
2 findingsPackage contains compiled binaries that could be backdoors: • internal/node/native/libmpc_executor_linux_arm64_nodejs.node • internal/node/native/libmpc_executor_linux_x86_64_nodejs.node • internal/node/native/libmpc_executor_macos_arm64_nodejs.node • internal/node/native/libmpc_executor_macos_x86_64_nodejs.node
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.