← Home

@hyperlane-xyz/helloworld

npm Repository Homepage

A basic skeleton of an Hyperlane app

11
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

nambrotyorhodestkporterpaulbalaji

Keywords

HelloWorldHyperlaneSolidityTypescript

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
dependencies unvetted-dep:@hyperlane-xyz/core AI (dependencies): Same-org sibling dependency in the Hyperlane monorepo; stable pattern across all versions. ai
phantom-deps phantom-dep:@hyperlane-xyz/core AI (phantom-deps): Same-org Solidity contracts dep; not directly imported in JS but used in Hardhat/Solidity build pipeline. ai
phantom-deps phantom-dep:@openzeppelin/contracts AI (phantom-deps): Referenced in Solidity/config files; not a JS import — expected pattern for Solidity packages. ai
phantom-deps phantom-dep:@openzeppelin/contracts-upgradeable AI (phantom-deps): Same as @openzeppelin/contracts — Solidity dependency, not a JS import. ai

Versions (showing 11 of 11)

Version Deps Published
34.0.0 9 / 26
33.1.1 9 / 26
33.1.0 9 / 26
33.0.2 9 / 26
33.0.0 9 / 26
28.1.0 9 / 33
25.3.2 9 / 32
25.3.1 9 / 32
25.1.0 9 / 32
19.10.0 9 / 29
19.8.0 5 / 25

v34.0.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v33.1.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v33.1.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v33.0.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v33.0.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v28.1.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v25.3.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v25.3.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v25.1.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v19.10.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v19.8.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.