
@keplr-wallet/cosmos

Versions: 74
License: Apache-2.0
Install Scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation; npm registry signatures; gitHead linked

Maintainers

chainapsis

Accepted risks

Findings the reviewer chose to accept rather than block on.

| Source | Rule | Reason | Accepted by | When |
| --- | --- | --- | --- | --- |
| npm-metadata | no-description | AI (npm-metadata): Scoped package from established org; missing description is common for internal library components. | ai | |
| provenance | no-provenance | AI (provenance): Provenance attestation is rare (~12% adoption); not a signal for this established publisher. | ai | |
| dependencies | unvetted-dep:protobufjs | AI (dependencies): protobufjs is a well-known, widely-used protobuf library; its use is expected and appropriate for a Cosmos blockchain client package handling protobuf serialization. | ai | |
| phantom-deps | phantom-dep:@keplr-wallet/common | AI (phantom-deps): Same-org scoped dependency in a monorepo; phantom import detection is unreliable for monorepo packages where usage may be indirect or in build artifacts. | ai | |
| provenance | publisher-changed | AI (provenance): Keplr wallet migrated to GitHub Actions CI/CD publishing with SLSA provenance attestation; the publisher change reflects legitimate automation, not a compromise. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Missing metadata (description, repo, keywords) is typical for monorepo sub-packages; publisher chainapsis has 3057 approved packages and zero rejections. | ai | |
| semgrep | semgrep:base64-decode | AI (semgrep): Base64 decoding in this package is used for ADR-36 amino message validation in the Cosmos wallet context — standard cryptographic handling, not a malicious payload indicator. | ai | |
| phantom-deps | phantom-dep:long | AI (phantom-deps): 'long' is a standard dependency used alongside protobufjs for 64-bit integer handling; its indirect usage pattern is expected in protobuf-based packages. | ai | |
| semgrep | semgrep:hex-decode | AI (semgrep): Hex decoding appears in a test spec file as a hardcoded Cosmos transaction fixture. This is normal test data for a Cosmos library, not obfuscated malicious code. | ai | |

Versions (showing 74 of 475)

Version Deps Published
0.11.3 11 / 0
0.11.2 11 / 0
0.11.1 11 / 0
0.11.0 11 / 0
0.10.24 11 / 0
0.10.23 11 / 0
0.10.22 11 / 0
0.10.21 11 / 0
0.10.20 11 / 0
0.10.19 11 / 0
0.10.18 10 / 0
0.10.17 10 / 0
0.10.16 10 / 0
0.10.15 10 / 0
0.10.14 10 / 0
0.10.13 10 / 0
0.10.12 10 / 0
0.10.11 10 / 0
0.10.10 10 / 0
0.10.9 10 / 0
0.10.8 10 / 0
0.10.7 10 / 0
0.10.6 10 / 0
0.10.5 10 / 0
0.10.4 10 / 0
0.10.3 10 / 0
0.10.2 10 / 0
0.10.1 10 / 0
0.10.0 9 / 0
0.9.16 9 / 0
0.9.12 9 / 0
0.9.10 9 / 0
0.9.9 8 / 0
0.9.7 8 / 0
0.9.6 8 / 0
0.9.5 8 / 0
0.9.4 8 / 0
0.9.0 8 / 0
0.8.15 9 / 1
0.8.13 9 / 1
0.8.12 9 / 1
0.8.11 9 / 1
0.8.8 9 / 1
0.8.7 9 / 1
0.8.6 9 / 1
0.8.5 9 / 1
0.8.4 9 / 1
0.8.2 9 / 1
0.8.0 9 / 1
0.13.15-rc.1 12 / 0
0.13.15-rc.0 12 / 0
0.13.4-rc.0 12 / 0
0.12.309-rc.1 12 / 0
0.12.309-rc.0 12 / 0
0.12.308-rc.1 12 / 0
0.12.308-rc.0 12 / 0
0.12.307-rc.0 12 / 0
0.12.300-rc.0 12 / 0
0.12.291-rc.3 12 / 0
0.12.291-rc.2 12 / 0
0.12.291-rc.1 12 / 0
0.12.291-rc.0 12 / 0
0.12.289-rc.0 12 / 0
0.12.288-rc.3 12 / 0
0.12.288-rc.2 12 / 0
0.12.288-rc.1 12 / 0
0.12.288-rc.0 12 / 0
0.12.286-rc.1 12 / 0
0.12.286-rc.0 12 / 0
0.12.285-rc.0 12 / 0
0.12.281-rc.6 12 / 0
0.12.281-rc.5 12 / 0
0.12.281-rc.4 12 / 0
0.12.281-rc.3 12 / 0

v0.11.3

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.11.2

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.11.1

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.11.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.10.24

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.10.23

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.10.22

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.10.21

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.10.20

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.10.19

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.10.18

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.10.17

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.10.16

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.10.15

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.10.14

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.10.13

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.10.12

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.10.11

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.10.10

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.10.9

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.10.8

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.10.7

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.10.6

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.10.5

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.10.4

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.10.3

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.10.2

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.10.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.10.0

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.16

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.12

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.10

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.9

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.7

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.6

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.4

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.8.15

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.8.13

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.8.12

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.8.11

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.8.8

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.8.7

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.8.6

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.8.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.8.4

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.8.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.8.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.