@layerzerolabs/lz-serdes
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:aptos | AI (phantom-deps): Multi-chain library; deps declared for optional chain support, not direct imports. | ai | |
| phantom-deps | phantom-dep:bip39 | AI (phantom-deps): Multi-chain library; deps declared for optional chain support, not direct imports. | ai | |
| phantom-deps | phantom-dep:ethers | AI (phantom-deps): Multi-chain library; deps declared for optional chain support, not direct imports. | ai | |
| phantom-deps | phantom-dep:tronweb | AI (phantom-deps): Multi-chain library; deps declared for optional chain support, not direct imports. | ai | |
| phantom-deps | phantom-dep:memoizee | AI (phantom-deps): Multi-chain library; deps declared for optional chain support, not direct imports. | ai | |
| phantom-deps | phantom-dep:ed25519-hd-key | AI (phantom-deps): Multi-chain library; deps declared for optional chain support, not direct imports. | ai | |
| phantom-deps | phantom-dep:@coral-xyz/anchor | AI (phantom-deps): Multi-chain library; deps declared for optional chain support, not direct imports. | ai | |
| phantom-deps | phantom-dep:@layerzerolabs/lz-core | AI (phantom-deps): Same-org sibling dep; phantom detection is a false positive for this package. | ai | |
| phantom-deps | phantom-dep:@layerzerolabs/lz-utilities | AI (phantom-deps): Same-org sibling dep; phantom detection is a false positive for this package. | ai | |
| phantom-deps | phantom-dep:@layerzerolabs/tron-utilities | AI (phantom-deps): Same-org sibling dep; phantom detection is a false positive for this package. | ai | |
Versions (showing 32 of 32)
| Version | Deps | Published |
|---|---|---|
| 3.0.168 | 10 / 12 | |
| 3.0.166 | 10 / 12 | |
| 3.0.162 | 10 / 12 | |
| 3.0.160 | 10 / 12 | |
| 3.0.157 | 10 / 12 | |
| 3.0.150 | 10 / 12 | |
| 3.0.148 | 10 / 12 | |
| 3.0.146 | 10 / 12 | |
| 3.0.145 | 10 / 12 | |
| 3.0.143 | 10 / 12 | |
| 3.0.139 | 10 / 12 | |
| 3.0.138 | 10 / 12 | |
| 3.0.135 | 10 / 12 | |
| 3.0.129 | 10 / 12 | |
| 3.0.128 | 10 / 12 | |
| 3.0.126 | 10 / 12 | |
| 3.0.125 | 10 / 12 | |
| 3.0.124 | 10 / 12 | |
| 3.0.123 | 10 / 12 | |
| 3.0.118 | 10 / 12 | |
| 3.0.117 | 10 / 12 | |
| 3.0.116 | 10 / 12 | |
| 3.0.115 | 10 / 12 | |
| 3.0.114 | 10 / 12 | |
| 3.0.112 | 10 / 12 | |
| 3.0.109 | 10 / 12 | |
| 3.0.106 | 10 / 12 | |
| 3.0.104 | 10 / 12 | |
| 3.0.103 | 10 / 12 | |
| 3.0.102 | 10 / 12 | |
| 3.0.100 | 10 / 12 | |
| 3.0.97 | 10 / 12 | |
v3.0.168
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.166
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.162
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.160
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.157
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.150
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.148
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.146
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.145
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.143
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.139
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.138
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.135
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.129
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.128
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.126
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.125
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.124
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.123
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.118
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.117
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.116
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.115
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.114
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.112
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.109
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.106
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.104
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.103
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.102
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.100
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.97
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.