@layerzerolabs/ton-sdk-tools
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | no-provenance | AI (provenance): Publisher has 13 approved packages without provenance; stable pattern for this org. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Monorepo utility package; sparse metadata is typical for internal SDK tooling, not spam. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Consistent pattern across LayerZero monorepo packages; not a malice indicator here. | ai |
Versions (showing 31 of 31)
| Version | Deps | Published |
|---|---|---|
| 3.0.167 | 8 / 12 | |
| 3.0.166 | 8 / 12 | |
| 3.0.161 | 8 / 12 | |
| 3.0.159 | 8 / 12 | |
| 3.0.157 | 8 / 12 | |
| 3.0.156 | 8 / 12 | |
| 3.0.154 | 8 / 12 | |
| 3.0.151 | 8 / 12 | |
| 3.0.150 | 8 / 12 | |
| 3.0.147 | 8 / 12 | |
| 3.0.145 | 8 / 12 | |
| 3.0.144 | 8 / 12 | |
| 3.0.142 | 8 / 12 | |
| 3.0.141 | 8 / 12 | |
| 3.0.137 | 8 / 12 | |
| 3.0.135 | 8 / 12 | |
| 3.0.133 | 8 / 12 | |
| 3.0.132 | 8 / 12 | |
| 3.0.131 | 8 / 12 | |
| 3.0.124 | 8 / 12 | |
| 3.0.123 | 8 / 12 | |
| 3.0.121 | 8 / 12 | |
| 3.0.113 | 8 / 12 | |
| 3.0.112 | 8 / 12 | |
| 3.0.101 | 8 / 12 | |
| 3.0.100 | 8 / 12 | |
| 3.0.99 | 8 / 12 | |
| 3.0.96 | 8 / 12 | |
| 3.0.94 | 8 / 12 | |
| 3.0.92 | 8 / 12 | |
| 3.0.90 | 9 / 12 |
v3.0.166
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.161
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.159
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.157
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.156
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.154
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.151
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.150
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.147
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.145
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.144
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.142
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.141
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.137
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.135
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.133
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.132
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.131
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.124
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.123
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.121
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.113
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.112
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.101
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.100
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.99
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.96
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.94
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.92
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.0.90
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.