@hyperlane-xyz/sdk No license 10 versions

@hyperlane-xyz/sdk

npm Repository Homepage

10

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

nambrotyorhodestkporterpaulbalaji

Keywords

HyperlaneSDKTypescript

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
maintainer-change	maintainer-added	AI (maintainer-change): Package published via CI/CD with SLSA provenance; maintainer addition is a routine org change for this monorepo.	ai	2026/05/27
dependencies	unvetted-dep:starknet	AI (dependencies): Legitimate StarkNet integration dependency for a multi-chain SDK; stable pattern across versions.	ai	2026/05/24
dependencies	unvetted-dep:@hyperlane-xyz/core	AI (dependencies): First-party monorepo sibling package; expected dependency for this SDK.	ai	2026/05/24
provenance	slsa-provenance	AI (provenance): Hyperlane monorepo consistently publishes with SLSA provenance; stable signal across versions.	ai	2026/05/18
phantom-deps	phantom-dep:@cosmjs/crypto	AI (phantom-deps): CosmJS deps are declared and used transitively; phantom-dep heuristic false positive for this monorepo package.	ai	2026/05/18
phantom-deps	phantom-dep:@cosmjs/tendermint-rpc	AI (phantom-deps): Same as above — CosmJS tendermint-rpc is a legitimate declared dep used via config/type references.	ai	2026/05/18

Versions (showing 10 of 10)

Version	Deps	Published
34.0.0	41 / 24	2026-05-13
33.1.0	41 / 24	2026-05-01
33.0.2	41 / 24	2026-04-21
32.0.1	41 / 24	2026-04-16
31.2.1	41 / 24	2026-04-15
31.1.0	41 / 24	2026-04-14
31.0.1	41 / 24	2026-04-13
31.0.0	41 / 24	2026-04-11
30.1.1	41 / 24	2026-04-08
30.1.0	41 / 24	2026-04-08

v34.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v33.1.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v33.0.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v32.0.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v31.2.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v31.1.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v31.0.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v31.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v30.1.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v30.1.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.