@interchainjs/pubkey — Greenflagged

Pubkey helpers for blockchain projects

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

pyramationzetazz

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
phantom-deps	phantom-dep:@interchainjs/cosmos-types	AI (phantom-deps): Same-org dependency likely re-exported or transitively used; common pattern in monorepo-style packages.	ai	2026/04/23
phantom-deps	phantom-dep:@interchainjs/math	AI (phantom-deps): Same-org dependency likely re-exported or transitively used; common pattern in monorepo-style packages.	ai	2026/04/23
phantom-deps	phantom-dep:@interchainjs/amino	AI (phantom-deps): Same-org dependency likely re-exported or transitively used; common pattern in monorepo-style packages.	ai	2026/04/23
phantom-deps	phantom-dep:@interchainjs/encoding	AI (phantom-deps): Same-org dependency likely re-exported or transitively used; common pattern in monorepo-style packages.	ai	2026/04/23
dependencies	unvetted-dep:@interchainjs/encoding	AI (dependencies): Sibling package in the same @interchainjs monorepo, co-versioned. Not a third-party risk.	ai	2026/04/23
dependencies	unvetted-dep:@interchainjs/cosmos-types	AI (dependencies): Sibling package in the same @interchainjs monorepo, co-versioned. Not a third-party risk.	ai	2026/04/23
provenance	publisher-changed	AI (provenance): pyramation is the established hyperweb-io/interchainjs org lead with 2683 approved versions; transition from zetazz is a legitimate maintainer handoff within the same org.	ai	2026/04/23
bogus-package	bogus-package	AI (bogus-package): Inflated semver and empty entry point are artifacts of monorepo versioning and TypeScript barrel exports in the interchainjs monorepo; not indicative of spam or malice.	ai	2026/04/21
phantom-deps	phantom-dep:@interchainjs/types	AI (phantom-deps): @interchainjs/types is declared in dependencies and used for TypeScript types; phantom-dep false positive for type-only imports in TS monorepos.	ai	2026/04/21

Versions (showing 51 of 57)

View all versions

Version	Deps	Published
1.21.0	5 / 1	2026-03-01
1.20.0	5 / 1	2026-03-01
1.19.2	5 / 1	2026-02-27
1.19.1	5 / 1	2025-12-16
1.19.0	5 / 1	2025-12-11
1.18.0	5 / 1	2025-10-14
1.17.8	5 / 1	2025-10-02
1.17.7	5 / 1	2025-10-02
1.17.6	5 / 1	2025-09-22
1.17.5	5 / 1	2025-09-16
1.17.4	5 / 0	2025-09-11
1.17.3	5 / 0	2025-08-26
1.17.2	5 / 0	2025-08-25
1.17.0	5 / 0	2025-08-22
1.16.7	5 / 0	2025-08-19
1.16.6	5 / 0	2025-08-18
1.16.5	5 / 0	2025-08-18
1.16.4	5 / 0	2025-08-18
1.16.3	5 / 0	2025-08-14
1.16.2	5 / 0	2025-08-14
1.16.1	5 / 0	2025-08-14
1.16.0	5 / 0	2025-08-14
1.13.5	5 / 0	2025-08-13
1.13.0	5 / 0	2025-08-06
1.12.2	5 / 0	2025-08-06
1.12.1	5 / 0	2025-08-05
1.12.0	5 / 0	2025-08-03
1.11.18	5 / 0	2025-06-20
1.11.15	5 / 0	2025-06-08
1.11.14	5 / 0	2025-06-04
1.11.13	5 / 0	2025-06-03
1.11.12	5 / 0	2025-05-29
1.11.11	5 / 0	2025-05-22
1.11.10	5 / 0	2025-05-15
1.11.9	5 / 0	2025-05-10
1.11.8	5 / 0	2025-05-09
1.11.7	5 / 0	2025-05-09
1.11.6	5 / 0	2025-05-08
1.11.5	5 / 0	2025-04-24
1.11.4	5 / 0	2025-04-21
1.11.3	5 / 0	2025-04-21
1.11.2	5 / 0	2025-04-15
1.11.1	5 / 0	2025-04-14
1.11.0	5 / 0	2025-04-09
1.10.1	5 / 0	2025-04-07
1.10.0	5 / 0	2025-03-21
1.9.16	5 / 0	2025-03-18
1.9.15	5 / 0	2025-03-13
1.9.14	5 / 0	2025-03-03
1.9.13	5 / 0	2025-02-21
1.9.12	5 / 0	2025-02-17

v1.21.0

2 findings

HIGH Publisher changed: zetazz → pyramation (on 2026-03-01) provenance

This version was published by a different npm account than previous versions on 2026-03-01. This could indicate a legitimate maintainer transition or an account compromise.