@interchainjs/cosmos-types

Cosmos message codecs and query implementation generated by telescope for cosmos chains

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

pyramationzetazz

Keywords

cosmosblockchainquery

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:@interchainjs/utils	AI (dependencies): Same-org scoped sibling package from the same trusted publisher (zetazz/hyperweb-io); part of the interchainjs monorepo suite versioned together.	ai	2026/04/23
provenance	publisher-changed	AI (provenance): pyramation is a long-standing, highly-approved publisher in the @interchainjs/hyperweb-io ecosystem; transition from zetazz is a legitimate internal maintainer change within the same org.	ai	2026/04/23
publish-pattern	new-deps-added	AI (publish-pattern): @interchainjs/encoding is a same-scope sibling package in the interchainjs monorepo; adding it is a normal internal refactor, not a suspicious third-party dependency.	ai	2026/04/23
bogus-package	bogus-package	AI (bogus-package): Inflated semver is due to monorepo lockstep versioning across @interchainjs/* packages. README link dump is typical of auto-generated Telescope output. Not indicative of spam or malice.	ai	2026/04/21
phantom-deps	phantom-dep:@interchainjs/utils	AI (phantom-deps): Sibling package in the same org scope; phantom import pattern is consistent with generated code in a monorepo.	ai	2026/04/21

Versions (showing 51 of 70)

View all versions

Version	Deps	Published
1.21.0	4 / 1	2026-03-01
1.20.0	4 / 1	2026-03-01
1.19.1	3 / 1	2025-12-16
1.19.0	3 / 1	2025-12-11
1.18.0	3 / 1	2025-10-14
1.17.8	3 / 1	2025-10-02
1.17.7	3 / 1	2025-10-02
1.17.6	3 / 1	2025-09-22
1.17.5	3 / 1	2025-09-16
1.17.4	3 / 0	2025-09-11
1.17.3	3 / 0	2025-08-26
1.17.2	3 / 0	2025-08-25
1.17.1	3 / 0	2025-08-22
1.17.0	3 / 0	2025-08-22
1.16.7	3 / 0	2025-08-19
1.16.6	3 / 0	2025-08-18
1.16.5	3 / 0	2025-08-18
1.16.4	3 / 0	2025-08-18
1.16.3	3 / 0	2025-08-14
1.16.2	3 / 0	2025-08-14
1.16.1	3 / 0	2025-08-14
1.16.0	3 / 0	2025-08-14
1.13.5	3 / 0	2025-08-13
1.13.0	3 / 0	2025-08-06
1.12.2	3 / 0	2025-08-06
1.12.1	3 / 0	2025-08-05
1.12.0	3 / 0	2025-08-03
1.11.18	3 / 0	2025-06-20
1.11.15	3 / 0	2025-06-08
1.11.14	3 / 0	2025-06-04
1.11.13	3 / 0	2025-06-03
1.11.12	3 / 0	2025-05-29
1.11.11	2 / 0	2025-05-22
1.11.10	2 / 0	2025-05-15
1.11.9	2 / 0	2025-05-10
1.11.8	2 / 0	2025-05-09
1.11.7	2 / 0	2025-05-09
1.11.6	2 / 0	2025-05-08
1.11.5	2 / 0	2025-04-24
1.11.4	2 / 0	2025-04-21
1.11.3	2 / 0	2025-04-21
1.11.2	2 / 0	2025-04-15
1.11.1	2 / 0	2025-04-14
1.11.0	2 / 0	2025-04-09
1.10.1	2 / 0	2025-04-07
1.10.0	2 / 0	2025-03-21
1.9.16	2 / 0	2025-03-18
1.9.15	2 / 0	2025-03-13
1.9.14	2 / 0	2025-03-03
1.9.13	2 / 0	2025-02-21
1.9.12	2 / 0	2025-02-17

v1.21.0

2 findings

HIGH Publisher changed: zetazz → pyramation (on 2026-03-01) provenance

This version was published by a different npm account than previous versions on 2026-03-01. This could indicate a legitimate maintainer transition or an account compromise.