@keplr-wallet/cosmos — Greenflagged

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

chainapsis

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
npm-metadata	no-description	AI (npm-metadata): Scoped package from established org; missing description is common for internal library components.	ai	2026/04/24
provenance	no-provenance	AI (provenance): Provenance attestation is rare (~12% adoption); not a signal for this established publisher.	ai	2026/04/24
dependencies	unvetted-dep:protobufjs	AI (dependencies): protobufjs is a well-known, widely-used protobuf library; its use is expected and appropriate for a Cosmos blockchain client package handling protobuf serialization.	ai	2026/04/24
phantom-deps	phantom-dep:@keplr-wallet/common	AI (phantom-deps): Same-org scoped dependency in a monorepo; phantom import detection is unreliable for monorepo packages where usage may be indirect or in build artifacts.	ai	2026/04/24
provenance	publisher-changed	AI (provenance): Keplr wallet migrated to GitHub Actions CI/CD publishing with SLSA provenance attestation; the publisher change reflects legitimate automation, not a compromise.	ai	2026/04/24
bogus-package	bogus-package	AI (bogus-package): Missing metadata (description, repo, keywords) is typical for monorepo sub-packages; publisher chainapsis has 3057 approved packages and zero rejections.	ai	2026/04/24
semgrep	semgrep:base64-decode	AI (semgrep): Base64 decoding in this package is used for ADR-36 amino message validation in the Cosmos wallet context — standard cryptographic handling, not a malicious payload indicator.	ai	2026/04/23
phantom-deps	phantom-dep:long	AI (phantom-deps): 'long' is a standard dependency used alongside protobufjs for 64-bit integer handling; its indirect usage pattern is expected in protobuf-based packages.	ai	2026/04/23
semgrep	semgrep:hex-decode	AI (semgrep): Hex decoding appears in a test spec file as a hardcoded Cosmos transaction fixture. This is normal test data for a Cosmos library, not obfuscated malicious code.	ai	2026/04/23

Versions (showing 51 of 449)

Show 25 prereleases View all versions

Version	Deps	Published
0.13.38	12 / 0	2026-06-08
0.13.37	12 / 0	2026-06-02
0.13.36	12 / 0	2026-06-02
0.13.35	12 / 0	2026-05-22
0.13.34	12 / 0	2026-05-15
0.13.33	12 / 0	2026-05-12
0.13.32	12 / 0	2026-05-11
0.13.31	12 / 0	2026-05-08
0.13.30	12 / 0	2026-05-08
0.13.28	12 / 0	2026-05-07
0.13.27	12 / 0	2026-05-06
0.13.26	12 / 0	2026-04-30
0.13.24	12 / 0	2026-04-23
0.13.23	12 / 0	2026-04-18
0.13.22	12 / 0	2026-04-15
0.13.21	12 / 0	2026-04-13
0.13.20	12 / 0	2026-04-06
0.13.19	12 / 0	2026-04-01
0.13.18	12 / 0	2026-04-01
0.13.17	12 / 0	2026-03-28
0.13.16	12 / 0	2026-03-25
0.13.15	12 / 0	2026-03-23
0.13.14	12 / 0	2026-03-18
0.13.13	12 / 0	2026-03-16
0.13.12	12 / 0	2026-03-11
0.13.11	12 / 0	2026-02-27
0.13.10	12 / 0	2026-02-20
0.13.9	12 / 0	2026-02-13
0.13.8	12 / 0	2026-02-13
0.13.7	12 / 0	2026-02-12
0.13.6	12 / 0	2026-02-11
0.13.5	12 / 0	2026-02-11
0.13.4	12 / 0	2026-02-11
0.13.3	12 / 0	2026-02-03
0.13.2	12 / 0	2026-02-03
0.13.1	12 / 0	2026-01-26
0.13.0	12 / 0	2026-01-23
0.12.313	12 / 0	2026-01-19
0.12.312	12 / 0	2026-01-14
0.12.311	12 / 0	2026-01-14
0.12.310	12 / 0	2026-01-12
0.12.309	12 / 0	2026-01-08
0.12.308	12 / 0	2025-12-31
0.12.307	12 / 0	2025-12-24
0.12.306	12 / 0	2025-12-18
0.12.305	12 / 0	2025-12-15
0.12.304	12 / 0	2025-12-15
0.12.300	12 / 0	2025-12-09
0.12.299	12 / 0	2025-12-05
0.12.298	12 / 0	2025-12-05
0.12.297	12 / 0	2025-12-03