@interchainjs/amino — Greenflagged

Helpers for Amino based signing.

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

pyramationzetazz

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:@interchainjs/math	AI (phantom-deps): Same-org scoped dependency in monorepo; re-exported or transitively used; expected pattern.	ai	2026/04/23
phantom-deps	phantom-dep:@interchainjs/utils	AI (phantom-deps): Same-org scoped dependency in monorepo; re-exported or transitively used; expected pattern.	ai	2026/04/23
phantom-deps	phantom-dep:@interchainjs/crypto	AI (phantom-deps): Same-org scoped dependency in monorepo; re-exported or transitively used; expected pattern.	ai	2026/04/23
phantom-deps	phantom-dep:@interchainjs/encoding	AI (phantom-deps): Same-org scoped dependency in monorepo; re-exported or transitively used; expected pattern.	ai	2026/04/23
provenance	publisher-changed	AI (provenance): pyramation is the established Hyperweb/Cosmology org publisher with 2679 approved versions; transition from zetazz reflects a legitimate org-level publishing handoff for the interchainjs monorepo.	ai	2026/04/23
typosquat	typosquat.levenshtein:pino	AI (typosquat): This is a scoped Cosmos/IBC ecosystem package with no relation to 'pino'. The levenshtein match is a false positive; verdict generalizes across all versions of this package.	ai	2026/04/21

Versions (showing 58 of 58)

Version	Deps	Published
1.21.0	4 / 1	2026-03-01
1.20.0	4 / 1	2026-03-01
1.19.2	4 / 1	2026-02-27
1.19.1	4 / 1	2025-12-16
1.19.0	4 / 1	2025-12-11
1.18.0	4 / 1	2025-10-14
1.17.8	4 / 1	2025-10-02
1.17.7	4 / 1	2025-10-02
1.17.6	4 / 1	2025-09-22
1.17.5	4 / 1	2025-09-16
1.17.4	4 / 0	2025-09-11
1.17.3	4 / 0	2025-08-26
1.17.2	4 / 0	2025-08-25
1.17.1	4 / 0	2025-08-22
1.17.0	4 / 0	2025-08-22
1.16.7	4 / 0	2025-08-19
1.16.6	4 / 0	2025-08-18
1.16.5	4 / 0	2025-08-18
1.16.4	4 / 0	2025-08-18
1.16.3	4 / 0	2025-08-14
1.16.2	4 / 0	2025-08-14
1.16.1	4 / 0	2025-08-14
1.16.0	4 / 0	2025-08-14
1.13.5	4 / 0	2025-08-13
1.13.0	4 / 0	2025-08-06
1.12.2	4 / 0	2025-08-06
1.12.1	4 / 0	2025-08-05
1.12.0	4 / 0	2025-08-03
1.11.18	4 / 0	2025-06-20
1.11.15	4 / 0	2025-06-08
1.11.14	4 / 0	2025-06-04
1.11.13	4 / 0	2025-06-03
1.11.12	4 / 0	2025-05-29
1.11.11	4 / 0	2025-05-22
1.11.10	4 / 0	2025-05-15
1.11.9	4 / 0	2025-05-10
1.11.8	4 / 0	2025-05-09
1.11.7	4 / 0	2025-05-09
1.11.6	4 / 0	2025-05-08
1.11.5	4 / 0	2025-04-24
1.11.4	4 / 0	2025-04-21
1.11.3	4 / 0	2025-04-21
1.11.2	4 / 0	2025-04-15
1.11.1	4 / 0	2025-04-14
1.11.0	4 / 0	2025-04-09
1.10.1	4 / 0	2025-04-07
1.10.0	4 / 0	2025-03-21
1.9.16	4 / 0	2025-03-18
1.9.15	4 / 0	2025-03-13
1.9.14	4 / 0	2025-03-03
1.9.13	4 / 0	2025-02-21
1.9.12	4 / 0	2025-02-17
1.9.11	4 / 0	2025-02-14
1.9.10	4 / 0	2025-02-14
1.9.8	4 / 0	2025-02-14
1.9.7	4 / 0	2025-02-14
1.9.6	4 / 0	2025-02-14
1.9.5	4 / 0	2025-02-14

v1.21.0

2 findings

HIGH Publisher changed: zetazz → pyramation (on 2026-03-01) provenance

This version was published by a different npm account than previous versions on 2026-03-01. This could indicate a legitimate maintainer transition or an account compromise.