@hyperlane-xyz/sealevel-sdk
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| npm-metadata | bundled-binaries | AI (npm-metadata): The .so file is a Solana program test fixture, not a backdoor; consistent with the package's Solana SDK purpose. | ai |
Versions (showing 18 of 18)
| Version | Deps | Published |
|---|---|---|
| 35.1.0 | 7 / 15 | |
| 35.0.1 | 7 / 15 | |
| 35.0.0 | 7 / 15 | |
| 34.0.0 | 7 / 15 | |
| 33.1.1 | 7 / 15 | |
| 33.1.0 | 7 / 15 | |
| 33.0.2 | 7 / 15 | |
| 33.0.1 | 7 / 15 | |
| 33.0.0 | 7 / 15 | |
| 32.0.1 | 7 / 15 | |
| 32.0.0 | 7 / 15 | |
| 31.2.1 | 7 / 15 | |
| 31.2.0 | 7 / 15 | |
| 31.1.0 | 7 / 15 | |
| 31.0.1 | 7 / 15 | |
| 31.0.0 | 7 / 15 | |
| 30.1.1 | 7 / 15 | |
| 30.1.0 | 7 / 15 |
v35.1.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v35.0.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v35.0.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v34.0.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v33.1.1
2 findingsPackage contains compiled binaries that could be backdoors: • dist/testing/fixtures/spl_token_2022_v10.so
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v33.1.0
2 findingsPackage contains compiled binaries that could be backdoors: • dist/testing/fixtures/spl_token_2022_v10.so
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v33.0.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v33.0.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v33.0.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v32.0.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v32.0.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v31.2.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v31.2.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v31.1.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v31.0.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v31.0.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v30.1.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v30.1.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.