@hyperlane-xyz/tron-sdk
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@ethersproject/providers | AI (phantom-deps): Re-exported transitive dep pattern in hyperlane monorepo; stable false positive. | ai | |
| phantom-deps | phantom-dep:bignumber.js | AI (phantom-deps): Declared as runtime dep; may be used transitively or in config — stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@ethersproject/abi | AI (phantom-deps): Peer/transitive ethersproject dep declared for type resolution; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@hyperlane-xyz/registry | AI (phantom-deps): Same-org monorepo sibling; phantom-dep heuristic unreliable for monorepo packages. | ai |
Versions (showing 5 of 5)
| Version | Deps | Published |
|---|---|---|
| 23.0.5 | 9 / 16 | |
| 22.1.6 | 9 / 25 | |
| 22.1.4 | 9 / 25 | |
| 22.1.1 | 9 / 24 | |
| 21.1.5 | 9 / 24 |
v23.0.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.1.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.1.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v22.1.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v21.1.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.