@keplr-wallet/chain-validator
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:hex-decode | AI (semgrep): Hex decoding of Starknet chain ID response — standard blockchain data parsing, not obfuscated payload. | ai | |
| semgrep | semgrep:shady-links-raw-ip | AI (semgrep): All raw-IP references are 127.0.0.1 in test spec files; no production network calls to raw IPs. | ai | |
| phantom-deps | phantom-dep:utility-types | AI (phantom-deps): TypeScript type-only usage; phantom-dep heuristic false positive for type-level imports. | ai | |
| phantom-deps | phantom-dep:@ethersproject/abi | AI (phantom-deps): Likely used transitively or in type declarations; stable false positive for this package. | ai |
Versions (showing 15 of 115)
| Version | Deps | Published |
|---|---|---|
| 0.12.245 | 6 / 0 | |
| 0.12.244 | 6 / 0 | |
| 0.12.243 | 6 / 0 | |
| 0.12.242 | 6 / 0 | |
| 0.12.241 | 6 / 0 | |
| 0.12.240 | 6 / 0 | |
| 0.12.239 | 6 / 0 | |
| 0.12.238 | 6 / 0 | |
| 0.12.237 | 6 / 0 | |
| 0.12.236 | 6 / 0 | |
| 0.12.235 | 6 / 0 | |
| 0.12.234 | 6 / 0 | |
| 0.12.233 | 6 / 0 | |
| 0.12.232 | 6 / 0 | |
| 0.12.231 | 6 / 0 |
v0.12.245
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.12.244
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.12.243
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.12.242
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.12.241
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.12.240
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.12.239
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.12.238
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.12.237
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.12.236
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.12.235
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.12.234
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.12.233
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.12.232
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.12.231
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.