@hashgraph/asset-tokenization-sdk
Asset Tokenization SDK for Hedera
1
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
No source commit
Maintainers
steven.sheehyswirldslabs-adminrbair23nathan-swirldslabshedera-eng-automationnana-ec
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:cd | AI (phantom-deps): Dev utility accidentally in dependencies; not imported at runtime, stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:dpdm | AI (phantom-deps): Dev tool accidentally in dependencies; not imported at runtime. | ai | |
| phantom-deps | phantom-dep:efate | AI (phantom-deps): Test fixture library accidentally in dependencies; not imported at runtime. | ai | |
| phantom-deps | phantom-dep:chai | AI (phantom-deps): Test library accidentally in dependencies; not imported at runtime. | ai | |
| phantom-deps | phantom-dep:chai-as-promised | AI (phantom-deps): Test library accidentally in dependencies; not imported at runtime. | ai | |
| phantom-deps | phantom-dep:long | AI (phantom-deps): Transitive peer dep declared but not directly imported; stable false positive. | ai | |
| phantom-deps | phantom-dep:@hashgraph/sdk | AI (phantom-deps): Same-org SDK; phantom detection is a false positive for this package. | ai | |
| phantom-deps | phantom-dep:@reown/walletkit | AI (phantom-deps): Wallet integration dep referenced in config; stable false positive. | ai | |
| phantom-deps | phantom-dep:@reown/appkit-core | AI (phantom-deps): Wallet integration dep referenced in config; stable false positive. | ai | |
| phantom-deps | phantom-dep:@metamask/providers | AI (phantom-deps): Provider dep referenced in config; stable false positive. | ai | |
| phantom-deps | phantom-dep:@walletconnect/modal | AI (phantom-deps): WalletConnect dep referenced in config; stable false positive. | ai | |
| phantom-deps | phantom-dep:@walletconnect/utils | AI (phantom-deps): WalletConnect dep referenced in config; stable false positive. | ai | |
| phantom-deps | phantom-dep:@walletconnect/sign-client | AI (phantom-deps): WalletConnect dep referenced in config; stable false positive. | ai | |
| phantom-deps | phantom-dep:@reown/appkit-adapter-ethers | AI (phantom-deps): Wallet adapter dep referenced in config; stable false positive. | ai | |
| phantom-deps | phantom-dep:@walletconnect/universal-provider | AI (phantom-deps): WalletConnect dep referenced in config; stable false positive. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Enterprise SDK from hashgraph org; link-dump README and missing keywords are cosmetic, not spam indicators. | ai |
Versions (showing 1 of 1)
| Version | Deps | Published |
|---|---|---|
| 7.0.0 | 29 / 15 |
v7.0.0
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.