@imtbl/sdk Apache-2.0 25 versions

@imtbl/sdk

npm Repository Homepage

Immutable Typescript SDK

25

Versions

Apache-2.0

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

tcurtin88alex-immutableplatform-saimmutable-npm

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:@imtbl/x-client	AI (dependencies): Same-monorepo sibling dep from trusted Immutable publisher; versioned in lockstep with parent.	ai	2026/05/31
dependencies	unvetted-dep:@imtbl/x-provider	AI (dependencies): Same-monorepo sibling dep from trusted Immutable publisher; versioned in lockstep with parent.	ai	2026/05/31
phantom-deps	phantom-dep:@imtbl/auth	AI (phantom-deps): Same-org package declared as dep; phantom-dep heuristic false positive for this monorepo SDK.	ai	2026/05/29
phantom-deps	phantom-dep:@imtbl/wallet	AI (phantom-deps): Same-org package declared as dep; phantom-dep heuristic false positive for this monorepo SDK.	ai	2026/05/29
source-diff	encoded-string-file:dist/index.browser.cdn.js	AI (source-diff): Long strings are minified bundle content (viem error classes, EIP-1559 logic); stable false positive for this SDK's CDN bundle.	ai	2026/05/20
dependencies	unvetted-dep:@imtbl/auth	AI (dependencies): First-party @imtbl monorepo sub-package; same publisher and versioning scheme.	ai	2026/05/03
dependencies	unvetted-dep:@imtbl/auth-next-server	AI (dependencies): First-party @imtbl monorepo sub-package; same publisher and versioning scheme.	ai	2026/05/03
dependencies	unvetted-dep:@imtbl/wallet	AI (dependencies): First-party @imtbl monorepo sub-package; same publisher and versioning scheme.	ai	2026/05/03
dependencies	unvetted-dep:@imtbl/passport	AI (dependencies): First-party @imtbl monorepo sub-package; same publisher and versioning scheme.	ai	2026/05/03
dependencies	unvetted-dep:@imtbl/checkout-sdk	AI (dependencies): First-party @imtbl monorepo sub-package; same publisher and versioning scheme.	ai	2026/05/03
dependencies	unvetted-dep:@imtbl/auth-next-client	AI (dependencies): First-party @imtbl monorepo sub-package; same publisher and versioning scheme.	ai	2026/05/03

Versions (showing 25 of 25)

Version	Deps	Published
2.20.0	11 / 3	2026-05-24
2.19.0	11 / 3	2026-05-15
2.18.0	11 / 3	2026-05-06
2.17.1	11 / 3	2026-04-30
2.17.0	11 / 3	2026-04-17
2.16.0	11 / 3	2026-04-14
2.15.0	11 / 3	2026-04-10
2.14.0	13 / 3	2026-03-20
2.13.0	13 / 3	2026-03-16
2.12.7	13 / 3	2026-02-24
2.12.5	11 / 3	2026-01-27
2.12.4	11 / 3	2026-01-14
2.12.1	11 / 3	2025-12-11
2.11.0	9 / 3	2025-12-04
2.10.6	9 / 3	2025-11-20
2.10.5	9 / 3	2025-11-07
2.10.4	9 / 3	2025-11-05
2.10.3	9 / 3	2025-10-29
2.10.0	9 / 3	2025-10-12
2.7.0	9 / 3	2025-09-22
2.4.13	9 / 3	2025-09-03
2.4.2	9 / 3	2025-07-21
2.4.1	9 / 3	2025-07-16
2.3.2	9 / 3	2025-07-07
2.2.3	9 / 3	2025-05-28

v2.20.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.19.0

2 findings

HIGH Long encoded string in modified file: dist/index.browser.cdn.js source-diff

Modified file contains 43 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.18.0

2 findings

HIGH Long encoded string in modified file: dist/index.browser.cdn.js source-diff

Modified file contains 43 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.17.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.17.0

2 findings

HIGH Long encoded string in modified file: dist/index.browser.cdn.js source-diff

Modified file contains 43 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.16.0

2 findings

HIGH Long encoded string in modified file: dist/index.browser.cdn.js source-diff

Modified file contains 43 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.15.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.14.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.13.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.12.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.12.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.12.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.12.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.11.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.10.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.10.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.10.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.10.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.10.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.7.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.4.13

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.4.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.4.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.3.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.2.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.