
@keplr-wallet/background

Versions: 14
License: Apache-2.0
Install Scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation; npm registry signatures; gitHead linked

Maintainers

chainapsis

Accepted risks

Findings the reviewer chose to accept rather than block on.

| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | publisher-changed | AI (provenance): Transition to GitHub Actions CI publishing is confirmed by SLSA provenance attestation from the official chainapsis/keplr-wallet repo. | ai | |
| semgrep | semgrep:hex-decode | AI (semgrep): Hex decoding of fixed constants (e.g. '1b','1c') for Ethereum signature construction; not a malicious payload. | ai | |
| semgrep | semgrep:shady-links-raw-ip | AI (semgrep): Raw IP (127.0.0.1) appears only in test files for phishing-list service spec; not production code. | ai | |
| phantom-deps | phantom-dep:delay | AI (phantom-deps): Declared in package.json dependencies; phantom-dep heuristic false positive for this monorepo package. | ai | |
| phantom-deps | phantom-dep:@ethereumjs/tx | AI (phantom-deps): Monorepo build pattern; stable false positive. | ai | |
| phantom-deps | phantom-dep:ledger-bitcoin | AI (phantom-deps): Monorepo build pattern; stable false positive. | ai | |
| phantom-deps | phantom-dep:@ethereumjs/common | AI (phantom-deps): Monorepo build pattern; stable false positive. | ai | |
| phantom-deps | phantom-dep:@keplr-wallet/popup | AI (phantom-deps): Same-org monorepo package; stable false positive. | ai | |
| semgrep | semgrep:base64-decode | AI (semgrep): Base64 decoding is routine in a crypto wallet for signing message payloads; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@ethersproject/wallet | AI (phantom-deps): Monorepo build pattern; stable false positive. | ai | |
| phantom-deps | phantom-dep:@ethersproject/address | AI (phantom-deps): Monorepo build pattern; stable false positive. | ai | |
| phantom-deps | phantom-dep:@ledgerhq/hw-transport | AI (phantom-deps): Monorepo build pattern; stable false positive. | ai | |
| phantom-deps | phantom-dep:@ledgerhq/hw-app-starknet | AI (phantom-deps): Monorepo build pattern; stable false positive. | ai | |
| phantom-deps | phantom-dep:@keplr-wallet/ledger-cosmos | AI (phantom-deps): Same-org monorepo package; stable false positive. | ai | |
| phantom-deps | phantom-dep:@ledgerhq/hw-transport-webhid | AI (phantom-deps): Monorepo build pattern; stable false positive. | ai | |
| phantom-deps | phantom-dep:@ledgerhq/hw-transport-webusb | AI (phantom-deps): Monorepo build pattern; stable false positive. | ai | |
| phantom-deps | phantom-dep:@ledgerhq/hw-app-eth | AI (phantom-deps): Monorepo build pattern; stable false positive. | ai | |

Versions (showing 14 of 114)

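| Version | Deps | Published |
|---|---|---|
| 0.12.244 | 36 / 4 | |
| 0.12.243 | 36 / 4 | |
| 0.12.242 | 36 / 4 | |
| 0.12.241 | 36 / 4 | |
| 0.12.240 | 36 / 4 | |
| 0.12.239 | 36 / 4 | |
| 0.12.238 | 36 / 4 | |
| 0.12.237 | 36 / 4 | |
| 0.12.236 | 36 / 4 | |
| 0.12.235 | 36 / 4 | |
| 0.12.234 | 36 / 4 | |
| 0.12.233 | 36 / 4 | |
| 0.12.232 | 36 / 4 | |
| 0.12.231 | 36 / 4 | |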

v0.12.244

1 finding
LOW: No provenance attestation (provenance)

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.12.243

1 finding
LOW: No provenance attestation (provenance)

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.12.242

1 finding
LOW: No provenance attestation (provenance)

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.12.241

1 finding
LOW: No provenance attestation (provenance)

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.12.240

1 finding
LOW: No provenance attestation (provenance)

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.12.239

1 finding
LOW: No provenance attestation (provenance)

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.12.238

1 finding
LOW: No provenance attestation (provenance)

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.12.237

1 finding
LOW: No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.12.236

1 finding
LOW: No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.12.235

1 finding
LOW: No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.12.234

1 finding
LOW: No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.12.233

1 finding
LOW: No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.12.232

1 finding
LOW: No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.12.231

1 finding
LOW: No provenance attestation (provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.